CVE-2025-61550

Published: Jan 8, 2026Modified: Feb 10, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions

Affected (1)

Products: Edubusinesssolutions: Print Shop Pro Webdesk

Edubusinesssolutions

1 product

Print Shop Pro Webdesk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Edubusinesssolutions Print Shop Pro Webdesk	Version 18.34

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.