CVE-2025-64030

Published: Dec 1, 2025

Modified: Dec 1, 2025

PUBLISHED

Description

Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://chinasystems.com/whatwedo/ee

https://0xy37.medium.com/stored-xss-in-chinasystems-eximbills-enterprise-v4-1-5-f8f5a79c4f0b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-64030

Description

Affected Products

References