CVE-2025-56320
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk31th percentile - higher than 31% of all known CVEs
Summary
A Stored XSS vulnerability in the chat component of CobbleStone Enterprise Contract Management Portal v22.4.0 allows a remote attacker to execute arbitrary code in the victim's browser. The vendor states this issue is present only in an obsolete, unsupported version no longer in circulation.
Risk Assessment
The risk involves potential session hijacking, data theft, or malware propagation within the organization if the vulnerable version is still in use.
Recommendation
Immediately upgrade to the latest supported version of CobbleStone Enterprise Contract Management Portal or decommission version 22.4.0.
Original NVD description (English source)
CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."

