CVE-2025-6078
Essential information
- Published
- 02/08/2025 03:15
- Modified
- 02/08/2025 03:15
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| partner software / partner software | cpe:2.3:a:partner_software:partner_software:*:*:*:*:*:*:*:* |
| partner software / partner web application | cpe:2.3:a:partner_software:partner_web_application:*:*:*:*:*:*:*:* |