CVE-2025-40834
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-17
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mendix | richtext | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Mendix RichText versions 4.0.0 up to but not including 4.6.1. The affected widget does not properly neutralize input, which means it fails to sanitize user input correctly. As a result, an attacker could exploit this flaw to perform cross-site scripting (XSS) attacks, potentially injecting malicious scripts into web pages viewed by other users.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute cross-site scripting attacks, which may lead to the compromise of user data, session hijacking, or the execution of malicious scripts in the context of the affected application. This could result in unauthorized actions performed on behalf of users or exposure of sensitive information.