CVE-2025-0971 MEDIUM

CVE-2025-0971: Zenvia Movidesk Profile Editing EditProfile cross site scripting

Vendor Zenvia
Product Movidesk
Weakness CWE-79 · XSS
Published February 2, 2025
Last update February 12, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

February 2, 2025 CVE published
February 12, 2025 Record updated