CVE-2025-60948 MEDIUM

CVE-2025-60948: Census CSWeb stored XSS

Vendor Census
Product CSWeb
Weakness CWE-79 · XSS
Published March 23, 2026
Last update March 25, 2026

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha.

Key dates

02Disclosure timeline

March 23, 2026 CVE published
March 25, 2026 Record updated

Related vulnerabilities

04Related CVE