CVE-2025-63021

Name of the Vulnerable Software and Affected Versions codetipi Valenti Engine versions through 1.0.3

Description The codetipi Valenti Engine software contains a flaw related to improper input handling during web page creation, which can lead to DOM-Based Cross-Site Scripting (XSS). This allows an attacker to potentially inject malicious scripts into web pages viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied data before it is incorporated into the web page's Document Object Model (DOM).

Recommendations Update codetipi Valenti Engine to a version beyond 1.0.3.