CVE-2025-29526
MEDIUMQ4 Inc Investor Relations Platform <5.147.1.2 - XSS
Title source: llmDescription
A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter.
References (2)
Core 2
Core References
Various Sources
https://docs.google.com/document/d/15vZXyzddcOv61sFSb3Lf9Dg1rnZ9n3Q6ANoa82jzcNA/edit?usp=sharing
Various Sources
https://gist.github.com/k4nt0r/6ee5bfe9215cb10a436a03c67cf908fd
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
10.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Published
Apr 23, 2025
Tracked Since
Feb 18, 2026