CVE-2025-6078

Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
certccCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
References
https://partnersoftware.com/resources/software-release-info-4-32/