16 matches found
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
EUVD-2025-37928
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63418
Summary: CVE-2025-63418 affects the SelfBest platform 2023.3. The issue is a DOM-based XSS caused by client-side code performing direct DOM manipulation without adequate sanitization or a CSP. This could allow an attacker to execute arbitrary JavaScript in a logged-in user’s context, potentially ...
EUVD-2025-37926
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
CVE-2025-63418
A DOM-based Cross-Site Scripting XSS vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2025-63416
CVE-2025-63416 is a stored XSS vulnerability in SelfBest platform 2023.3 (chat feature). The issue allows authenticated, low-privileged users to execute arbitrary JavaScript in other sessions, potentially accessing administrative data and performing privilege escalation, including exfiltration of...
CVE-2025-63416
exclusively-hosted-service A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...
PT-2025-45159
Name of the Vulnerable Software and Affected Versions SelfBest platform version 2023.3 Description A DOM-based Cross-Site Scripting XSS issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...