CVE-2025-58971

Name of the Vulnerable Software and Affected Versions AmentoTech Doctreat versions through 1.6.7

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists because the application does not properly sanitize user-supplied input before including it in the generated web page. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser. The affected application does not have any specific API endpoints or vulnerable parameters mentioned in the description.

Recommendations Versions prior to and including 1.6.7 should be updated to a newer, secure version when available.