CVE-2025-1987 Information

Jun 22, 2025 cve

Description

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example by clicking or opening it) the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim’s browser potentially giving them access to the user’s password vault and sensitive data.

Reference

https://bitdefender.com/support/support/security-advisories/stored-xss-in-psono-client-via-malicious-vault-entry-urls https://bitdefender.com/support/support/security-advisories/stored-xss-in-psono-client-via-malicious-vault-entry-urls

CNNVD-202506-2879 (Published: 2025-06-21)

Share on:

CVE-2025-1987 Information

Description

Reference

Related CNNVD