CVE-2025-59589

Name of the Vulnerable Software and Affected Versions PenciDesign Soledad versions through 8.6.8

Description A flaw exists in PenciDesign Soledad that allows for DOM-Based Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into a web page viewed by other users. The affected API endpoints and vulnerable parameters are not specified.

Recommendations Update PenciDesign Soledad to a version later than 8.6.8.