CVE-2025-25035

HIGH

Jalios JPlatform < 10.0.8 - Reflected and Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1, Jalios Workplace 6.0, and Jalios Workplace 5.3 to 5.5

Scores

CVSS v3 7.3
EPSS 0.0035
EPSS Percentile 27.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (3)
Jalios/JPlatform < 10.0.6
Jalios/JPlatform < 10.0.7
Jalios/JPlatform < 10.0.8
Published Mar 21, 2025
Tracked Since Feb 18, 2026