CVE-2025-40700 MEDIUM

CVE-2025-40700: Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon

Vendor Idi Eikon

Product Governalia

Weakness CWE-79 · XSS

Published December 2, 2025

Last update December 2, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.

Key dates

02Disclosure timeline

December 2, 2025 CVE published

December 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40700

Related vulnerabilities

04Related CVE

CVE-2025-23795 WordPress Easy FAQs plugin <= 3.2.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-47091 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-62761 WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.17.0.1 - Cross Site Scripting (XSS) vulnerability CVE-2023-3540 SimplePHPscripts NewsLetter Script PHP URL Parameter preview.php cross site scripting CVE-2025-55287 Genealogy has a stored XSS vulnerability