← voltar
CVE-2025-3894

Stored XSS in MegaBIP

CVSS 4.8 MEDIUMEPSS 0.4%CWE-79
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required.   Version 5.20 of MegaBIP fixes this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Jan Syski · MegaBIP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert.pl/en/posts/2025/05/CVE-2025-3893https://megabip.pl/index.php?id=24,145https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej