PT-2026-4804 · Worklenz · Worklenz
Published: 2026-01-26 · Updated: 2026-02-13
CVE-2025-70368
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Worklenz version 2.1.5
Description
Worklenz version 2.1.5 has a Stored Cross-Site Scripting (XSS) issue in the Project Updates feature. An attacker can inject a malicious payload into the Updates text field. The payload is then displayed in the reporting view without sufficient sanitization, potentially leading to the execution of malicious JavaScript in a victim's browser when they open the page that displays the vulnerable field.
Recommendations
Apply updates to resolve the issue. As a temporary workaround, consider sanitizing all user inputs in the Updates text field to prevent the injection of malicious scripts.
Exploit · Fix · XSS
Affected Products
Worklenz