Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Kubysoft

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-59904
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 09:55
Updated-18 Feb, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site Scripting vulnerability in Kubysoft

Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource.

Action-Not Available
Vendor-Kubysoft
Product-Kubysoft
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-59903
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 09:55
Updated-18 Feb, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site Scripting (XSS) in Kubysoft

Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromised resource.

Action-Not Available
Vendor-Kubysoft
Product-Kubysoft
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-59905
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 09:49
Updated-18 Feb, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting (XSS) in Kubysoft

Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the victim's browser.

Action-Not Available
Vendor-Kubysoft
Product-Kubysoft
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')