CVE-2025-0984

Summary

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.

This issue affects E-Flow: before 3.23.00.

Affected Software

VendorProductVersion RangeStatus
Netoloji SoftwareE-Flow0 < 3.23.00affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References