PT-2025-17651 · Q4 · Q4 Inc Investor Relations Platform
K4Nt0R +1 · Published 2025-04-23 · Updated 2025-04-23 · CVE-2025-29526
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Q4 Inc Investor Relations Platform version 5.147.1.2
Description
A Cross-Site Scripting (XSS) issue in the search function allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the SearchTerm parameter. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the platform.
Recommendations
For Q4 Inc Investor Relations Platform version 5.147.1.2, consider restricting access to the search function until a patch is available, and avoid using the SearchTerm parameter in the affected search endpoint to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Q4 Inc Investor Relations Platform
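
While the search function remains exposed, web access logs can be triaged for requests whose SearchTerm value decodes to markup-like content. The script below is an added example, not part of the original advisory or of Q4's code; the `/search` path, the combined log format and the sample lines are constructed assumptions, since the advisory does not name the endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Markup-like content that a plain-text search term does not need.
# Triage heuristic only: legitimate terms containing quotes will also match.
SUSPICIOUS = re.compile(r"[<>\"]|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the /search path is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Apr/2025:10:01:02 +0000] "GET /search?SearchTerm=annual+report HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Apr/2025:10:01:09 +0000] "GET /search?SearchTerm=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [23/Apr/2025:10:01:15 +0000] "GET /search?searchterm=%2522%2520onfocus%253Dalert(1) HTTP/1.1" 200 5290',
    '198.51.100.4 - - [23/Apr/2025:10:02:00 +0000] "GET /news?id=42 HTTP/1.1" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_terms(log_lines):
    """Return (line_number, decoded_term) for flagged SearchTerm values."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != "searchterm":
                continue
            term = decode_fully(value)  # parse_qsl already decoded once
            if SUSPICIOUS.search(term):
                hits.append((number, term))
    return hits

if __name__ == "__main__":
    for number, term in suspicious_search_terms(SAMPLE_LOG):
        print(f"line {number}: {term!r}")
```

The parameter name is matched case-insensitively and the value is decoded more than once because a filter that inspects only the raw query string misses double-encoded input.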