PT-2025-42634 · Unknown · Enterprise Contract Management Portal

Published: 2025-10-17 · Updated: 2026-03-04 · CVE-2025-56320

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Enterprise Contract Management Portal version 22.4.0

Description

The Enterprise Contract Management Portal version 22.4.0 is susceptible to Stored Cross-Site Scripting (XSS) within the chat box component. This allows a remote attacker to execute arbitrary code. The issue involves the injection of malicious scripts that are stored on the target server and subsequently executed in the context of other users' browsers.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing all user inputs to the chat box component to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-56320

Affected Products

Enterprise Contract Management Portal