CVE-2025-61074

Name of the Vulnerable Software and Affected Versions adata Software GmbH Mitarbeiter Portal version 2.15.2.0

Description A stored Cross Site Scripting (XSS) issue exists in the bulletin board (SchwarzeBrett) component. This allows a remote authenticated user to execute arbitrary JavaScript code within the web browser of other users. The issue is triggered by manipulating the Inhalt parameter of the following API endpoints: '/SchwarzeBrett/Nachrichten/CreateNachricht' '/SchwarzeBrett/Nachrichten/EditNachricht/'

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the Inhalt parameter to prevent the injection of malicious scripts.