← volver
CVE-2025-65187

CVE-2025-65187

CVSS 6.1 MEDIUMEPSS 0.2%CWE-79
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://civicrm.com/https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65187.pdf