← voltar
CVE-2025-65187

CVE-2025-65187

CVSS 6.1 MEDIUMEPSS 0.2%CWE-79
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://civicrm.com/https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65187.pdf