Tranzaxis · Tranzaxis · CVE-2025-66574
**Name of the Vulnerable Software and Affected Versions**
TranzAxis version 3.2.41.10.26
**Description**
An authenticated user can inject script content (cross-site scripting, XSS) through the `Open Object in Tree` API endpoint. Successful exploitation may allow an attacker to steal session cookies and potentially escalate privileges. The vulnerable parameter is not specified.
**Recommendations**
Apply updates to address the issue in TranzAxis version 3.2.41.10.26.