CVE-2025-22373

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021.

PUBLISHED Reserved 2025-01-03 | Published 2025-04-14 | Updated 2025-04-15 | Assigner DIVD

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Credits

Jesse Meijer (DIVD) finder

Frank Breedijk (DIVD) analyst

References

basec.sicomm.net/login/ product

csirt.divd.nl/DIVD-2025-00001 third-party-advisory

csirt.divd.nl/CVE-2025-22373 third-party-advisory

cve.org (CVE-2025-22373)

nvd.nist.gov (CVE-2025-22373)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.