CVE-2025-0424 Information

Description

In the estinformed Web\ application some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their session using an \Authenticated Stored Cross-Site Scripting. Those other users might have more privileges than the attacker enabling a form of horizontal movement.

Reference

https://www.cordaware.com/changelog/en/version-6_4_0_4-release-13_02_2025.html