CVE-2025-57963

Name of the Vulnerable Software and Affected Versions Zoho Billing versions through 4.1

Description A flaw exists in Zoho Billing that allows for DOM-Based Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations Update Zoho Billing to a version later than 4.1.