Description

Partner Software's Partner Software application and Partner Web application allow an authenticated user to add notes on the 'Notes' page when viewing a job but do not completely sanitize input. This makes it possible to add notes containing HTML tags and JavaScript, so an attacker can add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).

PUBLISHED Reserved 2025-06-13 | Published 2025-08-02 | Updated 2025-11-03 | Assigner certcc

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

4.32 (custom) before 4.32.2: affected

References

kb.cert.org/vuls/id/317469

www.kb.cert.org/vuls/id/317469

partnersoftware.com/resources/software-release-info-4-32/

cve.org (CVE-2025-6078)

nvd.nist.gov (CVE-2025-6078)