CVE-2025-51531

Medium CVSS: 6.1

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.

Vendor

Sagedpw

Product

Sage Dpw

CWE

CWE-79

Yayın Tarihi

2025-08-06 16:15:30

Güncelleme

2025-10-01 20:38:41

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Sage Dpw MEDIUM Sagedpw 2025

Referanslar

https://www.sec4you-pentest.com/schwachstelle/sage-dpw-schwachstelle-xss-in-db-monitor-tabfields/ https://www.sec4you-pentest.com/schwachstellen/

Benzer Kayıtlar

Medium

CVE-2025-67805

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Dat…

Low

CVE-2025-67806

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-67807

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access in…

High

CVE-2025-51532

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Databa…

High

CVE-2024-56883

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are no…