← voltar
CVE-2025-6078

CVE-2025-6078

CVSS 5.4 MEDIUMEPSS 0.3%
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Partner Software · Partner Web

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://kb.cert.org/vuls/id/317469https://partnersoftware.com/resources/software-release-info-4-32/https://www.kb.cert.org/vuls/id/317469