CVE Catalog

CVE-2025-63260

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

An XSS vulnerability in SyncFusion 30.1.37 allows injection of malicious JavaScript code via the Document-Editor reply to comment field and the Chat-UI chat message.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions within the victim's browser context.

Recommendation

Immediately update SyncFusion to the latest patched version and implement input validation and encoding for comment and chat message fields.

Original NVD description (English source)

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS