PT-2025-45158 · Selfbest · Selfbest

Published: 2025-11-05 · Updated: 2025-11-05 · CVE-2025-63417

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SelfBest version 2023.3

Description: A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated attackers can inject arbitrary web scripts or HTML through the chat message input field. This malicious content is stored and executed in the context of other users’ browsers when they view the message, potentially leading to session hijacking or account takeover.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-63417

Affected Products: Selfbest