CVE Catalog

CVE-2025-13902

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

A Cross-site Scripting (CWE-79) vulnerability exists that allows authenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

Risk Assessment

Attackers can exploit this vulnerability to hijack user sessions or steal data, posing a significant security threat to the organization.

Recommendation

It is recommended to implement proper input filtering and validation to prevent malicious code injection and to regularly update the software.

Original NVD description (English source)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS