CVE-2025-69020

Name of the Vulnerable Software and Affected Versions Tribulant Software Newsletters newsletters-lite versions through 4.12

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks. The vulnerability exists in the way the application handles user-supplied data when generating web pages.

Recommendations Versions prior to 4.12 should be updated.