PT-2025-45159 · Unknown · Selfbest Platform

Published: 2025-11-05 · Updated: 2025-11-05 · CVE-2025-63418

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SelfBest platform version 2023.3

Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the SelfBest platform. It allows an attacker to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves injecting payloads via the browser's developer console. The root cause is client-side code that performs direct DOM manipulation on untrusted input without proper sanitization and without a Content Security Policy (CSP). This could lead to account takeover and data theft.

Recommendations: Apply a Content Security Policy (CSP) to mitigate DOM-based XSS attacks. Sanitize all user-supplied data before rendering it in the DOM.
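The two recommendations above in runnable form, as an added example that is not code from the advisory or from the SelfBest product: an HTML encoder for untrusted text that reaches a DOM sink, and a small CSP parser that flags a policy which still permits inline or eval'd script. The policy values and the nonce are assumptions for illustration.

```javascript
// Added example: not code from the advisory or from the SelfBest platform.

// Mitigation 1: encode untrusted text before it reaches an HTML sink such
// as innerHTML, so "<img src=x onerror=alert(1)>" renders as literal text.
// (Assigning to el.textContent instead of el.innerHTML achieves the same.)
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Mitigation 2: a Content Security Policy. buildCsp() serialises a policy
// object into a header value; parseCsp() reads a header value back.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// Returns true when the policy still lets injected inline script or eval run:
// no script policy at all, 'unsafe-eval', or 'unsafe-inline' without a
// nonce/hash source (browsers ignore 'unsafe-inline' once a nonce or hash
// is present). script-src falls back to default-src, as browsers do.
function cspAllowsInlineScript(header) {
  const policy = parseCsp(header);
  const srcs = (policy['script-src'] || policy['default-src'] || []).map((s) => s.toLowerCase());
  if (srcs.length === 0) return true;
  if (srcs.includes("'unsafe-eval'")) return true;
  const hasNonceOrHash = srcs.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return srcs.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed sample policies (assumed values, not the vendor's):
// a weak one that permits inline script, and a strict nonce-based one.
const WEAK_CSP = buildCsp({ 'default-src': ["'self'", "'unsafe-inline'"] });
const STRICT_CSP = buildCsp({
  'default-src': ["'self'"],
  'script-src': ["'self'", "'nonce-EXAMPLE_NONCE'"],
  'object-src': ["'none'"],
  'base-uri': ["'self'"],
});
```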

XSS
Related Identifiers: CVE-2025-63418

Affected Products: Selfbest Platform