CVE-2025-30961

Name of the Vulnerable Software and Affected Versions tinuzz Trackserver versions n/a through 5.0.3

Description The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This is a type of cross-site scripting vulnerability where the attack occurs in the browser's Document Object Model.

Recommendations For versions n/a through 5.0.3, update to a version later than 5.0.3 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the web page. Avoid using user-supplied input in the DOM to minimize the risk of exploitation.