QwikSec

Security Database

CVE

CWE

Training

CVE-2025-1420

Published: May 21, 2025

Modified: May 21, 2025

PUBLISHED

Description

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

Vendor	Product	Versions
Proget	Proget	affected `0 - < 2.17.5`

Weaknesses (CWE)

References

https://cert.pl/en/posts/2025/05/CVE-2025-1415

third-party-advisory

https://proget.pl/en/mobile-device-management/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.