exploitDog

CVE-2025-66561

Опубликовано: 04 дек. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

EPSS Низкий

Описание

SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.

Ссылки

https://github.com/Syslifters/sysreptor/security/advisories/GHSA-64vw-v5c4-mgvm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:syslifters:sysreptor:*:*:*:*:*:*:*:*

Версия до 2025.102 (исключая)

EPSS

Процентиль: 11%

0.00037

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 11%

0.00037

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79