exploitDog

CVE-2025-66574

Опубликовано: 04 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

Ссылки

https://compassplustechnologies.com/
Product
https://www.exploit-db.com/exploits/52086
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/tranzaxis-32411026-stored-cross-site-scripting-xss
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/52086
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:compassplustechnologies:tranzaxis:3.2.41.10.26:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rhmr-8qxw-mm32

CVSS3: 5.4

github

2 месяца назад

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79