CVE-2025-8910 MEDIUM

CVE-2025-8910: WellChoose|Organization Portal System - Reflected Cross-site Scripting

Vendor Wellchoose
Product Organization Portal System
Weakness CWE-79 · XSS
Published August 13, 2025
Last update August 13, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

Key dates

02Disclosure timeline

August 13, 2025 CVE published
August 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-4383 Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-6778 Cross-site Scripting (XSS) - Stored in allegroai/clearml-server CVE-2023-5901 Cross-site Scripting in pkp/pkp-lib CVE-2022-45365 WordPress Stock Ticker Plugin <= 3.23.2 is vulnerable to Cross Site Scripting (XSS) CVE-2026-7421 Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting