CVE-2025-64710 MEDIUM

CVE-2025-64710: Bitplatform Boilerplate has cross-site scripting vulnerability

Vendor Bitfoundation
Product bitplatform
Weakness CWE-79 · XSS
Published November 13, 2025
Last update January 14, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web applications. Applications based on this Bitplatform Boilerplate might also be vulnerable. Version 9.11.3 fixes the issue.

Key dates

02Disclosure timeline

November 13, 2025 CVE published
January 14, 2026 Record updated