CVE-2025-63416

Description

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrative data and functions, leading to privilege escalation and full compromise of sensitive user data, as demonstrated by the ability to fetch and exfiltrate the contents of the /admin/users endpoint.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-05 | Updated 2025-11-05 | Assigner mitre

References

self.best

rohitchaudhary045.medium.com/...lege-escalation-b4c69d8487f1

cve.org (CVE-2025-63416)

nvd.nist.gov (CVE-2025-63416)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.