Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.5 views

CVE-2025-63417

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

7.2CVSS5AI score0.00224EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.7 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1CVSS5.7AI score0.00357EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.6 views

CVE-2025-63418

A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

6.1CVSS6.3AI score0.00208EPSS
Exploits1References1
NVD
NVD
added 2025/11/05 7:16 p.m.4 views

CVE-2025-63418

A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

6.1CVSS0.00208EPSS
Exploits1References1
OSV
OSV
added 2025/11/05 7:16 p.m.5 views

CVE-2025-63418

A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

6.1CVSS6AI score0.00208EPSS
Exploits1References1
OSV
OSV
added 2025/11/05 7:16 p.m.6 views

CVE-2025-63417

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

7.2CVSS5.9AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2025/11/05 7:16 p.m.6 views

CVE-2025-63417

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

7.2CVSS0.00224EPSS
Exploits1References1
NVD
NVD
added 2025/11/05 7:16 p.m.3 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1CVSS0.00357EPSS
Exploits1References2
OSV
OSV
added 2025/11/05 7:16 p.m.5 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1CVSS6AI score0.00357EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.5 views

PT-2025-45159

Name of the Vulnerable Software and Affected Versions SelfBest platform version 2023.3 Description A DOM-based Cross-Site Scripting XSS issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...

6.1CVSS5.8AI score0.00208EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/05 12:0 a.m.4 views

EUVD-2025-37928

A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...

5.7AI score0.00208EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/05 12:0 a.m.4 views

CVE-2025-63417

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

4.6AI score0.00224EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.5 views

SelfBest 安全漏洞

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from client-side code that is susceptible to direct DOM manipulation and lacks adequate cleanup or content security policies, which could le...

6.1CVSS6AI score0.00208EPSS
Exploits1References1
CVE
CVE
added 2025/11/05 12:0 a.m.13 views

CVE-2025-63418

Summary: CVE-2025-63418 affects the SelfBest platform 2023.3. The issue is a DOM-based XSS caused by client-side code performing direct DOM manipulation without adequate sanitization or a CSP. This could allow an attacker to execute arbitrary JavaScript in a logged-in user’s context, potentially ...

6.1CVSS5.8AI score0.00208EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/11/05 12:0 a.m.6 views

EUVD-2025-37918

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

4.5AI score0.00224EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.6 views

SelfBest 安全漏洞

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from insufficient cleanup and escaping of chat message input fields in the chat feature, which could lead to a stored cross-site scripting...

7.2CVSS5.9AI score0.00224EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/05 12:0 a.m.5 views

EUVD-2025-37926

exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

9.1CVSS5.3AI score0.00357EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.4 views

PT-2025-45153

Name of the Vulnerable Software and Affected Versions SelfBest version 2023.3 Description A Stored Cross-Site Scripting XSS issue exists in the chat functionality of the SelfBest platform. Authenticated, low-privileged attackers can execute arbitrary JavaScript in the context of other users’...

9.1CVSS5.7AI score0.00357EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.4 views

SelfBest 安全漏洞

SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from the presence of stored cross-site scripting in the Chat feature, which could lead to the execution of arbitrary JavaScript code by a...

9.1CVSS6.4AI score0.00357EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/05 12:0 a.m.4 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

5.5AI score0.00357EPSS
Exploits1References2
Rows per page
Query Builder