CVE-2025-7761 MEDIUM

CVE-2025-7761: Reflected XSS in Lepszy BIP

Vendor Akcess-Net

Product Lepszy BIP

Weakness CWE-79 · XSS

Published August 14, 2025

Last update August 14, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable.

Key dates

02Disclosure timeline

August 14, 2025 CVE published

August 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7761 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-53237 WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability CVE-2025-64585 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook CVE-2022-23053 Openmct XSS via the “Condition Widget” CVE-2025-9562 Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode