CVE-2025-3894

Summary

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required.   Version 5.20 of MegaBIP fixes this issue.

Affected Software

VendorProductVersion RangeStatus
Jan SyskiMegaBIP0 <= 5.19affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References