CVE-2025-1420 Information

Description

Input provided in a field containing ctivationMessage\ in Konsola Proget is not sanitized correctly allowing a high-privileged user to perform a Stored Cross-Site Scripting attack.

This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

Reference

https://cert.pl/en/posts/2025/05/CVE-2025-1415 https://proget.pl/en/mobile-device-management/