PT-2026-5693 · Luna · Luna
Published 2026-02-02 · Updated 2026-02-03 · CVE-2025-41065
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
LUNA software version 7.5.5.6
Description
A stored Cross-Site Scripting (XSS) issue exists in LUNA software. This allows an attacker to execute JavaScript code in a victim’s browser by injecting a malicious payload through the 'Edit Batch Name' function. The payload is stored by the application and displayed without proper sanitization when accessed by other users. This can lead to the theft of sensitive user data, such as session cookies, or actions performed on behalf of the user. The vulnerable function is Edit Batch Name.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the 'Edit Batch Name' function until a patch is available.
Fix
XSS
Affected Products
Luna