CVE-2025-46545 Information
Apr 26, 2025
cve
Description
In Sherpa Orchestrator 141851 the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.
Reference
https://deiteriy.com https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7 https://sherparpa.com https://twitter.com/ArtyomBrylev
Related CNNVD
CNNVD-202507-100 (Published: 2025-07-02)
Share on: