CVE-2025-1420 LOW

CVE-2025-1420: XSS in Proget MDM

Vendor Proget
Product Proget
Weakness CWE-79 · XSS
Published May 21, 2025
Last update May 21, 2025

CVSS base score

2.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in version 2.17.5 of Konsola Proget (the server part of the MDM suite).

Key dates

02 Disclosure timeline

May 21, 2025 CVE published
May 21, 2025 Record updated