CVE-2025-63260

Name of the Vulnerable Software and Affected Versions SyncFusion version 30.1.37

Description SyncFusion version 30.1.37 is subject to a Cross Site Scripting (XSS) issue. This issue affects the Document-Editor component’s reply to comment field and the Chat-UI Chat message functionality. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable areas involve user-supplied data handling within the Document-Editor and Chat-UI Chat features.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing user input in the reply to comment field of the Document-Editor component. Restrict access to the Chat-UI Chat message functionality to minimize the risk of exploitation.