CVE-2025-40772

CVSS v3.1

7.4

Vector

AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SiPass integrated versions prior to 3.0

Description The SiPass integrated server applications are susceptible to stored Cross-Site Scripting (XSS). Successful exploitation enables an attacker to inject malicious code that executes in other users' browsers when they access the affected page. This can lead to impersonation of other users and theft of session data, potentially resulting in unauthorized access and privilege escalation.

Recommendations Update SiPass integrated to version 3.0 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-40772

Affected Products

Sipass Integrated

CVE-2025-40772

Weakness Enumeration

Related Identifiers

Affected Products

References · 4