27 matches found
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
EUVD-2025-37928
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
SelfBest 安全漏洞
SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from client-side code that is susceptible to direct DOM manipulation and lacks adequate cleanup or content security policies, which could le...
CVE-2025-63418
Summary: CVE-2025-63418 affects the SelfBest platform 2023.3. The issue is a DOM-based XSS caused by client-side code performing direct DOM manipulation without adequate sanitization or a CSP. This could allow an attacker to execute arbitrary JavaScript in a logged-in user’s context, potentially ...
PT-2025-45158
Name of the Vulnerable Software and Affected Versions SelfBest version 2023.3 Description A Stored Cross-Site Scripting XSS issue exists in the chat functionality of the SelfBest platform. Authenticated attackers can inject arbitrary web scripts or HTML through the chat message input field. This...
EUVD-2025-37926
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
PT-2025-45153
Name of the Vulnerable Software and Affected Versions SelfBest version 2023.3 Description A Stored Cross-Site Scripting XSS issue exists in the chat functionality of the SelfBest platform. Authenticated, low-privileged attackers can execute arbitrary JavaScript in the context of other users’...
CVE-2025-63417
SelfBest platform 2023.3 contains a Stored XSS in the chat feature. The vulnerability allows authenticated users to inject scripts or HTML via the chat message input, which is stored and later executed in other users’ browsers, potentially enabling session hijacking or account takeover. The issue...