CVE-2025-0423 Information

Description

In the estinformed Web\ application some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their session using an �nauthenticated Stored Cross-Site Scripting. The attacker is then able to ride the session of those users and can abuse their privileges on the estinformed Web\ application.

Reference

https://www.cordaware.com/changelog/en/version-6_4_0_4-release-13_02_2025.html