CVE-2025-45236

Name of the Vulnerable Software and Affected Versions DBSyncer version 2.0.6

Description A stored cross-site scripting (XSS) issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter.

Recommendations For DBSyncer version 2.0.6, consider disabling the Edit Profile feature until a patch is available to prevent exploitation of the stored XSS issue. Restrict access to the Nickname parameter to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.