CVE-2025-13183 HIGH

CVE-2025-13183: Stored XSS in Hotech's Otello

Vendor Hotech Software Inc.

Product Otello

Weakness CWE-79 · XSS

Published December 23, 2025

Last update June 4, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 before 2.4.4.

Key dates

02Disclosure timeline

December 23, 2025 CVE published

June 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13183 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-69360 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-3542 ThinuTech ThinuCMS contact.php cross site scripting CVE-2024-36205 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-5255 code-projects Simple Laundry System Parameter delstaffinfo.php cross site scripting CVE-2024-34357 TYPO3 vulnerable to Cross-Site Scripting in ShowImageController