CVE-2025-50927

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions EHCP version 20.04.1.b

Description A reflected cross-site scripting (XSS) vulnerability exists in the List All FTP User Function. Authenticated attackers can execute arbitrary JavaScript by injecting a crafted payload into the ftpusername parameter.

Recommendations As a temporary workaround, sanitize the ftpusername parameter to prevent the injection of malicious scripts.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-50927

Affected Products

Ehcp

CVE-2025-50927

Weakness Enumeration

Related Identifiers

Affected Products

References · 7