CVE-2025-40647

Name of the Vulnerable Software and Affected Versions Issabel version 5.0.0

Description A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue is triggered through the email parameter in the '/index.php?menu=address book' API endpoint. This allows for the injection of malicious scripts that can be stored and executed within the application.

Recommendations Update to a newer version that contains a fix for this vulnerability.