CVE-2025-1987

Name of the Vulnerable Software and Affected Versions: Psono-Client (affected versions not specified)

Description: A Cross-Site Scripting (XSS) issue has been identified in Psono-Client's handling of vault entries of type website password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries, allowing an attacker to craft a malicious vault entry with a javascript:URL. When the user interacts with this entry, the application will execute the malicious JavaScript in the context of the Psono vault, potentially giving the attacker access to the user's password vault and sensitive data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.