CVE-2025-60646

Name of the Vulnerable Software and Affected Versions Xxl-api version 1.3.0

Description A stored cross-site scripting (XSS) issue exists in the Business Line Management module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name parameter.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing the Name parameter to prevent the injection of malicious scripts.