CVE Catalog
CVE-2025-63260
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.16%
5th percentile - higher than 5% of all known CVEs
Summary
An XSS vulnerability in SyncFusion 30.1.37 allows injection of malicious JavaScript code via the Document-Editor reply to comment field and the Chat-UI chat message.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions within the victim's browser context.
Recommendation
Immediately update SyncFusion to the latest patched version and implement input validation and encoding for comment and chat message fields.
Original NVD description (English source)
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.

