CVE-2025-25035
HIGHJalios JPlatform < 10.0.8 - Reflected and Stored Cross-Site Scripting
Title source: llmDescription
Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1, Jalios Workplace 6.0, and Jalios Workplace 5.3 to 5.5
References (5)
Core 5
Core References
Various Sources
https://issues.jalios.com/browse/JCMS-11246
Various Sources
https://issues.jalios.com/browse/JCMS-11248
Various Sources
https://issues.jalios.com/browse/JCMS-11259
Third Party Advisory
https://vulncheck.com/advisories/jalios-jplatform-xss
Scores
CVSS v3
7.3
EPSS
0.0035
EPSS Percentile
27.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (3)
Jalios/JPlatform
< 10.0.6
Jalios/JPlatform
< 10.0.7
Jalios/JPlatform
< 10.0.8
Published
Mar 21, 2025
Tracked Since
Feb 18, 2026