CVE-2025-40772

Name of the Vulnerable Software and Affected Versions SiPass integrated versions prior to 3.0

Description The SiPass integrated server applications are susceptible to stored Cross-Site Scripting (XSS). Successful exploitation enables an attacker to inject malicious code that executes in other users' browsers when they access the affected page. This can lead to impersonation of other users and theft of session data, potentially resulting in unauthorized access and privilege escalation.

Recommendations Update SiPass integrated to version 3.0 or later.