CVE-2025-63416

Name of the Vulnerable Software and Affected Versions SelfBest version 2023.3

Description A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated, low-privileged attackers can execute arbitrary JavaScript in the context of other users’ sessions. This can lead to access of administrative data and functions, potentially resulting in privilege escalation and compromise of sensitive user data. An example of exploitation involves fetching and exfiltrating the contents of the /admin/users API endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.