CVE-2025-3894 Information

Description

The text editor embedded in MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor. Version 5.20 of MegaBIP fixes this issue.

Reference

https://cert.pl/en/posts/2025/05/CVE-2025-3893
https://megabip.pl/index.php?id=24145
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej
