CVE-2025-30893

Name of the Vulnerable Software and Affected Versions LeadConnector versions n/a through 3.0.2

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a DOM-Based XSS vulnerability. This means that the LeadConnector software does not properly neutralize user input, allowing an attacker to inject malicious code into the web page, potentially leading to unauthorized access or control.

Recommendations For LeadConnector versions n/a through 3.0.2, consider disabling any functionality that allows user input to be directly injected into the DOM until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.