CVE-2025-12776

Name of the Vulnerable Software and Affected Versions WebConsole (affected versions not specified)

Description The Report Builder component stores user input directly into a web page and displays it to other users, potentially leading to a Cross-Site Scripting (XSS) attack. The scripts are executed when a report is modified by a user with edit permissions, not when the report is run by end users. The WebConsole package is end of life and is no longer maintained. It is strongly recommended to avoid installing or using it in production environments. If used, it must be deployed within a fully isolated network with no access to sensitive data or internet connectivity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.