CVE-2025-46545 MEDIUM

CVE-2025-46545

Vendor Sherpa
Product Orchestrator
Weakness CWE-79 · XSS
Published April 25, 2025
Last update April 25, 2025
View on NVD All CVEs

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

Key dates

02Disclosure timeline

April 25, 2025 CVE published
April 25, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23718 WordPress Mancx AskMe Widget plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-41021 Stored Cross-Site Scripting (XSS) vulnerability in Sergestec's Exito CVE-2025-59565 WordPress Upsell Order Bump Offer for WooCommerce Plugin <= 3.0.7 - Cross Site Scripting (XSS) Vulnerability CVE-2024-53742 WordPress Multilevel Referral Affiliate plugin for WooCommerce plugin <= 2.27 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-8340 code-projects Intern Membership Management System Error Message fill_details.php cross site scripting