CVE-2025-63243
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pixeon | weblaudos | 25.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected cross-site scripting (XSS) issue in the password change functionality of Pixeon WebLaudos 25.1. An attacker can create a malicious URL that, when clicked by a user, executes arbitrary JavaScript code in the user's browser within the context of the vulnerable application. This happens through the sle_sSenha parameter in the loginAlterarSenha.asp file.
How can this vulnerability impact me? :
The vulnerability can allow attackers to steal session cookies, disclose sensitive information, perform unauthorized actions on behalf of the user, or conduct phishing attacks.