CVE-2025-61931

Summary

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.

Affected Software

VendorProductVersion RangeStatus
Implem Inc.Pleasanter1.4.20.0 and earlier versionsaffected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References