PT-2025-39857 · Unknown · Mycourts V3

Published 2025-09-29 · Updated 2025-12-23 · CVE-2025-57424

CVSS v3.1

7.3 High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MyCourts version 3

Description

A stored cross-site scripting (XSS) issue exists in the LTA number profile field of the MyCourts v3 application. An attacker can inject arbitrary JavaScript code into their profile. This code will then execute in the browsers of users who view the profile, potentially including administrators. The lack of the HttpOnly flag on the session cookie could allow an attacker to capture session tokens and hijack user sessions, leading to elevated access.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
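
The two weaknesses named in the description (a profile field rendered without encoding, and a session cookie without HttpOnly) map to the controls sketched below. This is an added example, not MyCourts code or a vendor fix; the digits-only LTA number format, the function names and the cookie name `session` are assumptions.

```python
import html
import re
from http.cookies import SimpleCookie

# Assumption: an LTA number is purely numeric; the length bound is illustrative.
LTA_NUMBER_RE = re.compile(r"[0-9]{1,10}")

def validate_lta_number(value: str) -> str:
    """Allow-list check on input: reject anything that is not digits."""
    value = value.strip()
    if not LTA_NUMBER_RE.fullmatch(value):
        raise ValueError("LTA number must be 1-10 digits")
    return value

def render_profile_field(stored_value: str) -> str:
    """Encode on output too, so values stored before validation existed
    are displayed as text rather than interpreted as markup."""
    return '<span class="lta-number">' + html.escape(stored_value, quote=True) + "</span>"

def session_cookie_header(token: str) -> str:
    """Build a Set-Cookie value that page scripts cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

def missing_cookie_flags(set_cookie_value: str) -> list:
    """Audit helper: list the protective attributes a Set-Cookie value lacks."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("httponly", "secure", "samesite") if flag not in attrs]
```

`missing_cookie_flags` can be run over Set-Cookie values captured from a deployment to confirm whether the session cookie is still readable by page scripts.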

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-57424

Affected Products

Mycourts V3