CVE-2025-13505 MEDIUM

CVE-2025-13505: Stored XSS in Datateam's Datactive

Vendor Datateam Information Technologies Inc.

Product Datactive

Weakness CWE-79 · XSS

Published December 2, 2025

Last update June 4, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34 before 2.14.0.6.

Key dates

02Disclosure timeline

December 2, 2025 CVE published

June 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13505

Related vulnerabilities

04Related CVE

CVE-2026-34806 Endian Firewall /cgi-bin/snat.cgi remark Stored Cross-Site Scripting CVE-2025-46228 WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability CVE-2025-12667 GitHub Gist Shortcode Plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-5205 Videojs HTML5 Player <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via videojs_video Shortcode CVE-2026-7596 nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

Identifiers

CVE CVE-2025-13505

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Datateam Information Technologies Inc.

Product Datactive

Affected ≥ 2.13.34 and < 2.14.0.6