CVE-2025-49046

Name of the Vulnerable Software and Affected Versions LambertGroup xPromoter versions through 1.3.4

Description A Reflected Cross-site Scripting (XSS) issue exists in the top bar promoter component of LambertGroup xPromoter. This allows for improper neutralization of input during web page generation. The issue could potentially allow an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations Update LambertGroup xPromoter to a version later than 1.3.4.