PT-2025-4117 · Zenvia · Zenvia Movidesk

Y4G0 · Published 2025-02-02 · Updated 2025-02-03 · CVE-2025-0971

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zenvia Movidesk versions prior to 25.01.22.245a473c54

Description

An issue was found in Zenvia Movidesk affecting the Profile Editing component, in the file /Account/EditProfile. Manipulation of the username argument leads to cross-site scripting. The attack may be launched remotely.

Recommendations

For versions prior to 25.01.22.245a473c54, upgrade to version 25.01.22.245a473c54 to address this issue. As a temporary workaround, consider restricting access to the /Account/EditProfile endpoint until the upgrade is applied. Avoid using the username argument in the affected endpoint until the issue is resolved.

Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-0971

Affected Products

Zenvia Movidesk