CVE-2025-40700

Name of the Vulnerable Software and Affected Versions IDI Eikon Governalia (affected versions not specified)

Description A reflected Cross-Site Scripting (XSS) issue exists in IDI Eikon's Governalia. The issue allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL containing the q parameter to the '/search' API endpoint. Successful exploitation could lead to the theft of sensitive information, such as session cookies, or the performance of actions on behalf of the victim.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.