CVE-2025-11682

· Published 27/10/2025 08:15 · Modified 27/10/2025 13:19

Labels: CVE-2025-11682, 2025-10-27, CWE-79

Essential information

Published: 27/10/2025 08:15
Modified: 27/10/2025 13:19
CVSS: 7.1 HIGH (v3), 7.1 HIGH (v4.0)
CISA KEV: No

Description

Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can upload a malicious SVG file containing a script payload to a campaign. When another user views this image on the public LMT microsite, the script executes, which can lead to session hijacking, data theft, or other unauthorized actions. This issue affects Customer Engagement & Loyalty Platform before 4.617.4.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.

Affected products (CPE)

Product: perx / customer engagement and loyalty platform
CPE: cpe:2.3:a:perx:customer_engagement_and_loyalty_platform:<4.617.4:*:*:*:*:*:*:*
