PT-2025-48448 · Unknown · Eximbills Enterprise

Published: 2025-12-01 · Updated: 2025-12-01 · CVE-2025-64030

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Eximbills Enterprise version 4.1.5

Description
The software is susceptible to authenticated stored cross-site scripting. The issue is caused by unsanitized user input in the TMPL INFO parameter of the /EximBillWeb/servlets/WSTrxManager API endpoint. Because the input is stored server-side and later rendered, it allows arbitrary JavaScript execution in the browsers of other users.

Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing the TMPL INFO parameter before storing it server-side.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64030

Affected Products

Eximbills Enterprise