PT-2025-50213 · Coohom · Coohom

Published: 2025-12-09 · Updated: 2025-12-22 · CVE-2025-65300

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Coohom SaaS Platform version 1760060603897 (2025-10-28)

Description

A stored Cross-Site Scripting (XSS) issue exists in the Account Settings module. The issue occurs because unsanitized user input in Address fields, specifically City, State, and Country/Region, is rendered back to the page. An attacker can inject arbitrary JavaScript code that executes when the affected profile page is viewed, potentially leading to session hijacking, cookie theft, or arbitrary script execution in the victim's browser.

Recommendations

Sanitize user input in the Address fields (City, State, Country/Region) within the Account Settings module to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-65300

Affected Products

Coohom