CVE-2025-0607
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-06
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| logo_software_inc | logo_cloud | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-116 | The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). It occurs in Logo Software Inc.'s Logo Cloud product before version 2.57. The issue allows attackers to perform phishing attacks by injecting malicious scripts into web pages viewed by other users.
How can this vulnerability impact me? :
This vulnerability can impact you by enabling attackers to execute malicious scripts in your web application context, potentially leading to phishing attacks. This can result in unauthorized access to sensitive information, session hijacking, or other malicious activities that compromise user security and trust.