CVE-2025-64758
CVE-2025-64758 affects Dependency-Track frontend (SPA). From 4.12.0 up to before 4.13.6, administrators with SYSTEM_CONFIGURATION could configure a login-page welcome message that was not properly sanitized, allowing arbitrary JavaScript to execute in users’ browsers. The issue results in a persi...