CVE-2025-63418

Опубликовано: 05 нояб. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side code being susceptible to direct DOM manipulation without adequate sanitization or a Content Security Policy (CSP), potentially leading to account takeover and data theft.

Ссылки

https://rohitchaudhary045.medium.com/cve-2025-63418-weaponizing-the-browser-console-a-dom-based-xss-deep-dive-25ed3ac9cb53
Exploit
Mitigation
Third Party Advisory
https://rohitchaudhary045.medium.com/cve-2025-63418-weaponizing-the-browser-console-a-dom-based-xss-deep-dive-25ed3ac9cb53
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:selfbest:selfbest:2023.3:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00059

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4h7f-6q5m-3p6f