Vulnerability Description
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their session using an "Unauthenticated Stored Cross-Site Scripting". The attacker is then able to ride the session of those users and can abuse their privileges on the "bestinformed Web" application.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-0423?
CVE-2025-0423 is a documented vulnerability. In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is ab...
How severe is CVE-2025-0423?
CVSS scoring is not yet available for CVE-2025-0423. Check NVD for updates.
Is there a patch for CVE-2025-0423?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.