CVE-2025-0424

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities.An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their session using an "Authenticated Stored Cross-Site Scripting". Those other users might have more privileges than the attacker, enabling a form of horizontal movement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
NCSC.chCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Common Weakness Enumeration
References
https://www.cordaware.com/changelog/en/version-6_4_0_4-release-13_02_2025.html