CVE-2025-52344
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-02-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| explorance | blue | 8.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability consists of multiple Cross-Site Scripting (XSS) flaws in Explorance Blue version 8.1.2. Attackers can inject arbitrary JavaScript code into input fields such as Group Name, Project Description, Detials, and Option. This injected code executes in the browser of users who view the affected pages, either immediately (reflected XSS) or when the project is published (stored XSS). [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability allows attackers to execute arbitrary JavaScript in the context of logged-in users. This can lead to session hijacking, redirection to malicious websites (such as fake login pages to steal credentials), content defacement, and theft of sensitive information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the input fields (Group Name, Project Description, Detials, and Option) in Explorance Blue 8.1.2 for Cross-Site Scripting (XSS) by injecting typical XSS payloads and observing if the JavaScript executes. For example, you can create a new project and insert a simple XSS payload such as <script>alert(1)</script> in the Group Name or Project Description fields to check for reflected XSS. Similarly, add a new survey question with payloads in the Detials and Option fields to test for stored XSS. There are no specific network commands provided, but manual or automated web application security testing tools (like OWASP ZAP or Burp Suite) can be used to automate these tests. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying strict input validation and output encoding on all user-supplied fields to prevent injection of malicious scripts. Additionally, implement a Content Security Policy (CSP) to restrict the execution of untrusted scripts in the browser. Since no official vendor patch is currently available, these measures help reduce the risk of exploitation. [1]