CVE-2025-4075

Name of the Vulnerable Software and Affected Versions VMSMan up to 20250416

Description A problem was found in the software. It affects some unknown functionality of the file /login.php. The issue can be exploited by manipulating the Email argument with the input ">, leading to cross-site scripting. The attack can be launched remotely.

Recommendations For VMSMan up to 20250416, as a temporary workaround, consider restricting access to the /login.php file until a patch is available. Avoid using the Email argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.