CVE-2025-6078
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-02
Last updated on: 2025-11-03
Assigner: CERT/CC
Description
Description
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| partner | partner_web_application | * |
| partner | partner_software | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Partner Software's applications where an authenticated user can add notes containing HTML and JavaScript code because the input is not fully sanitized. This allows an attacker to insert malicious JavaScript into notes, leading to stored cross-site scripting (XSS) attacks.
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious JavaScript in the context of other users viewing the notes, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of users.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70