PT-2025-39033 · Unknown · Mesh Connect Js Sdk

Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-59430

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Mesh Connect JS SDK versions prior to 3.3.2
Description: Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. A lack of sanitization of URL protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This allows access to the parent page's DOM, storage, session, and cookies. If an attacker can specify customIframeId, they can hijack the source of existing iframes.
Recommendations: Update to Mesh Connect JS SDK version 3.3.2 or later.
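
The kind of protocol check the description says was missing, as an added example (not code from the Mesh Connect SDK or from this advisory). `sanitizeLinkUrl`, `ALLOWED_PROTOCOLS`, `TRUSTED_ORIGINS` and the `link.example.test` host are hypothetical names, and the https-only allowlist is an assumption about what an integrator would accept.

```javascript
// Added example: hypothetical helper, not the SDK's own implementation.
// Allowlist of schemes that may be loaded into a link iframe (assumption).
const ALLOWED_PROTOCOLS = new Set(['https:']);

// Constructed origin list for the sample inputs below.
const TRUSTED_ORIGINS = ['https://link.example.test'];

// Returns the normalized URL if it is safe to assign to an iframe src,
// otherwise null. Callers must refuse to open the link on null.
function sanitizeLinkUrl(raw, trustedOrigins = TRUSTED_ORIGINS) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    // The WHATWG parser trims surrounding whitespace, drops embedded
    // tabs/newlines and lower-cases the scheme, so the checks below run
    // on the same value a browser would navigate to.
    url = new URL(raw);
  } catch {
    return null; // relative or malformed input has no scheme to vet
  }
  // Allowlist, not denylist: javascript:, data:, blob:, http: all fail here.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  // Embedded credentials are a common way to disguise the real host.
  if (url.username || url.password) return null;
  if (!trustedOrigins.includes(url.origin)) return null;
  return url.href;
}

// Constructed sample inputs, labelled with the expected decision.
const SAMPLES = [
  ['https://link.example.test/session?token=abc', true],
  ['javascript:void(0)', false],
  ['  JavaScript:void(0)', false],        // case and leading whitespace
  ['java\tscript:void(0)', false],        // embedded tab removed by parser
  ['data:text/html,<p>x</p>', false],
  ['http://link.example.test/', false],   // downgrade to plain http
  ['https://link.example.test@other.example.test/', false],
  ['https://other.example.test/', false], // untrusted origin
  ['/relative/path', false],
];

// Returns the samples whose decision differs from the expected one.
function mismatches(samples = SAMPLES) {
  return samples.filter(([raw, ok]) => (sanitizeLinkUrl(raw) !== null) !== ok);
}

console.log(mismatches().length === 0 ? 'all samples classified as expected' : mismatches());
```

Run the check on the parsed URL rather than on the raw string: a prefix test such as `raw.startsWith('javascript:')` misses the whitespace and mixed-case variants in the samples.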

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2025-59430
GHSA-VH3F-QPPR-J97F

Affected products

Mesh Connect Js Sdk