PT-2025-47186 · Unknown · Dependency-Track

Published: 2025-11-17 · Updated: 2025-11-19 · CVE-2025-64758

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Dependency-Track versions prior to 4.13.6

Description: Dependency-Track, an open source Component Analysis platform, contains a weakness in its frontend application. Versions before 4.13.6 do not properly sanitize HTML when rendering the welcome message on the login page. This allows users with the SYSTEM CONFIGURATION permission (administrators) to execute arbitrary JavaScript in the browsers of users who visit the login page, a cross-site scripting (XSS) weakness. The welcome message is configured as HTML and is intended for branding purposes.

Recommendations: Update to version 4.13.6 or later.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64758
GHSA-7XVH-C266-CFR5

Affected Products

Dependency-Track