PT-2025-43993 · Bae Systems · Socet Gxp
Published: 2025-10-27 · Updated: 2025-11-03
CVE-2025-54965
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BAE SOCET GXP versions prior to 4.6.0.2
Description
An XSS issue exists in the SOCET GXP Job Status Service. The service does not properly sanitize the job ID parameter before using it in the job status page. An attacker may be able to execute arbitrary JavaScript in a victim's browser by social engineering a user into clicking a malicious link. The API endpoint involved is the job status page. The vulnerable parameter is job ID.
Recommendations
Update BAE SOCET GXP to version 4.6.0.2 or later.
Fix
XSS
Affected Products
Socet Gxp