CVE-2025-58238

Name of the Vulnerable Software and Affected Versions ONTRAPORT PilotPress versions through 2.0.35

Description A flaw exists in ONTRAPORT PilotPress that allows for Stored Cross-site Scripting (XSS). This issue arises from improper handling of input during the creation of web pages. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability affects the application’s ability to sanitize user-supplied data before rendering it in the web interface.

Recommendations Update ONTRAPORT PilotPress to a version later than 2.0.35.