← Back

CVE-2025-61074

nvd nist
Published: Dec 9, 2025Modified: Jan 14, 2026

JSON object

Loading...
4.6
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.1 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A stored Cross Site Scripting (XSS) vulnerability in the bulletin board (SchwarzeBrett) in adata Software GmbH Mitarbeiter Portal 2.15.2.0 allows remote authenticated users to execute arbitrary JavaScript code in the web browser of other users via manipulation of the 'Inhalt' parameter of the '/SchwarzeBrett/Nachrichten/CreateNachricht' or '/SchwarzeBrett/Nachrichten/EditNachricht/' requests.

Affected (1)

Adata
1 product
Mitarbeiter Portal
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Mitarbeiter Portal
Before 2.16.1

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Product

Timeline

No history available yet.