CVE-2025-3894

MEDIUM

MegaBIP < 5.19 - Authenticated Stored Cross-Site Scripting in Text Editor

Title source: llm
STIX 2.1

Description

Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required.   Version 5.20 of MegaBIP fixes this issue.

References (3)

Core 3

Scores

CVSS v4 4.8
EPSS 0.0036
EPSS Percentile 28.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Jan Syski/MegaBIP < 5.19
Published May 23, 2025
Tracked Since Feb 18, 2026