CVE-2025-14580

LOW

Qualitor < 8.20.78 - Cross-Site Scripting via cdscript Parameter

Title source: llm

Description

A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: "We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base".

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.336201

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.336201

Exploit, Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.705193

Scores

CVSS v3 3.5

EPSS 0.0021

EPSS Percentile 10.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

qualitor/qualitor < 8.20.78

Published Dec 12, 2025

Tracked Since Feb 18, 2026