ByteOS Network

Vulnerability Details :

CVE-2025-25035

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-21 Mar, 2025 | 19:02

Updated At-21 Mar, 2025 | 19:38

Jalios JPlatform 10 Multiple Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1, Jalios Workplace 6.0, and Jalios Workplace 5.3 to 5.5

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulnCheck

Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At:21 Mar, 2025 | 19:02

Updated At:21 Mar, 2025 | 19:38

▼CVE Numbering Authority (CNA)

Jalios JPlatform 10 Multiple Cross-Site Scripting (XSS)

Affected Products

Vendor

Jalios

Product

JPlatform

Default Status

affected

Versions

Affected

From 0 before 10.0.8 (custom)
From 0 before 10.0.7 (custom)
From 0 before 10.0.6 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	7.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Version: 3.1

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Impacts

CAPEC ID	Description
CAPEC-591	CAPEC-591 Reflected XSS
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-591

Description: CAPEC-591 Reflected XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Credits

finder

Arthur Deloffre (Vozec)

finder

Tristan Bizien (Bizi)

References

Hyperlink	Resource
https://community.jalios.com/jcms/jc1_893720/en/security-alert-2025-02-19	N/A
https://issues.jalios.com/browse/JCMS-11259	N/A
https://issues.jalios.com/browse/JCMS-11246	N/A
https://issues.jalios.com/browse/JCMS-11248	N/A
https://vulncheck.com/advisories/jalios-jplatform-xss	N/A

Hyperlink: https://community.jalios.com/jcms/jc1_893720/en/security-alert-2025-02-19

Resource: N/A

Hyperlink: https://issues.jalios.com/browse/JCMS-11259

Resource: N/A

Hyperlink: https://issues.jalios.com/browse/JCMS-11246

Resource: N/A

Hyperlink: https://issues.jalios.com/browse/JCMS-11248

Resource: N/A

Hyperlink: https://vulncheck.com/advisories/jalios-jplatform-xss

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:disclosure@vulncheck.com

Published At:21 Mar, 2025 | 19:15

Updated At:21 Mar, 2025 | 19:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N