Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-436v-ch6r-3qxq

Опубликовано: 05 янв. 2026
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page.

This plugin is disabled by default.

Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier)

Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page.

This plugin is disabled by default.

Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier)

Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

Ссылки

EPSS

Процентиль: 16%
0.00051
Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-59467

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2025-59467

CVSS3: 7.5
nvd
около 1 месяца назад

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

EPSS

Процентиль: 16%
0.00051
Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-59467

Дефекты

CWE-79