CVE-2025-51989
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| evolution_consulting | hrmaster | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTML injection issue in the registration interface of the Evolution Consulting Kft. HRmaster module v235. It allows an attacker to inject HTML tags into the 'keresztnév' (firstname) field. These injected tags are then included in an email sent out, which can be exploited to conduct phishing attacks against email addresses that have not been previously registered.
How can this vulnerability impact me?
The vulnerability can lead to phishing attacks by allowing attackers to send emails containing malicious HTML content to unregistered email addresses. This can result in users being tricked into revealing sensitive information or performing unintended actions, potentially compromising security and trust.
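The CWE-80 pattern described above, shown next to a hardened form, as an added example that is not HRmaster's code or anything from the advisory. The mail template, the function names and the sample first-name value are all assumptions constructed for illustration.

```python
import html
import unicodedata
from email.message import EmailMessage
from html.parser import HTMLParser

# Hypothetical template: the real HRmaster mail template is not shown on the page.
TEMPLATE = "<p>Kedves {firstname}!</p><p>Your registration was received.</p>"
# Constructed sample input carrying markup in the first-name field.
SAMPLE = 'Anna<a href="https://example.invalid/">link</a>'

def render_vulnerable(firstname):
    """CWE-80 pattern: the field is copied into the HTML body unchanged."""
    return TEMPLATE.format(firstname=firstname)

def render_hardened(firstname):
    """Escape on output so <, >, & and quotes become inert character references."""
    return TEMPLATE.format(firstname=html.escape(firstname, quote=True))

def is_plausible_name(value, max_len=64):
    """Input-side check: letters/marks of any script plus a few separators."""
    value = unicodedata.normalize("NFC", value)
    return 0 < len(value) <= max_len and all(
        unicodedata.category(ch)[0] in "LM" or ch in " -'." for ch in value)

def tags_in(body):
    """Return the element names an HTML mail client would actually parse."""
    found = []
    parser = HTMLParser()
    parser.handle_starttag = lambda tag, attrs: found.append(tag)
    parser.feed(body)
    parser.close()
    return found

def build_mail(to_addr, firstname):
    """Build the confirmation mail; refuses names that fail validation."""
    if not is_plausible_name(firstname):
        raise ValueError("firstname rejected")
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "Registration"
    msg.set_content(f"Kedves {firstname}!\nYour registration was received.")
    msg.add_alternative(render_hardened(firstname), subtype="html")
    return msg

if __name__ == "__main__":
    print(tags_in(render_vulnerable(SAMPLE)))  # template tags plus the injected one
    print(tags_in(render_hardened(SAMPLE)))    # template tags only
```

Comparing `tags_in()` output against the template's own tag list also works as a regression test for any mail template that interpolates user-supplied fields.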