Back to search
CVE-2025-7761
Published: Aug 14, 2025
Modified: Aug 14, 2025
PUBLISHED
Description
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable.
| Vendor | Product | Versions |
|---|---|---|
Akcess-Net | Lepszy BIP | affected 0 - <= *.* |
Weaknesses (CWE)
References
https://cert.pl/posts/2025/07/CVE-2025-7761
third-party-advisory
https://www.lepszybip.pl/
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now