CVE-2025-61949 MEDIUM

CVE-2025-61949

Vendor Logstare Inc.

Product LogStare Collector (for Windows)

Weakness CWE-79 · XSS

Published November 21, 2025

Last update November 21, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

Key dates

02Disclosure timeline

November 21, 2025 CVE published

November 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-61949 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-42022 IBM InfoSphere Information Server cross-site scripting CVE-2024-4635 Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload CVE-2026-0833 Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link CVE-2025-67537 WordPress ThirstyAffiliates plugin <= 3.11.8 - Cross Site Scripting (XSS) vulnerability CVE-2026-0724 WPlyr Media Block <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter

Identifiers

CVE CVE-2025-61949

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Logstare Inc.

Product LogStare Collector (for Windows)

Affected 2.4.1 and earlier

Vendor Logstare Inc.

Product LogStare Collector (for Linux)

Affected 2.4.1 and earlier