CVE-2025-2488 Information
May 03, 2025
cve
Description
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS).This issue affects SambaBox: before 5.1.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Reference
https://sambabox.io/2025/04/14/version-5-1/ https://www.usom.gov.tr/bildirim/tr-25-0101
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
4.0
Share on: