PT-2025-29541 · Unknown · Crosseditor4
Published
2025-07-15
·
Updated
2025-07-30
·
CVE-2025-7672
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CrossEditor4 versions 4.0.0.01 through 4.6.0.23
Description
The improper default setting in the API modules of CrossEditor4 potentially allows Stored Cross-Site Scripting (XSS). Stored XSS is a type of security issue where malicious scripts are persistently stored on the target server and executed in the context of other users' browsers.
Recommendations
CrossEditor4 versions prior to 4.6.0.23 should be updated.
Fix
XSS
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Crosseditor4