CVE-2025-61550
MEDIUMedu Business Solutions Print Shop Pro WebDesk <19.69 - XSS
Title source: llmDescription
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550
Scores
CVSS v3
5.4
EPSS
0.0004
EPSS Percentile
11.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
edubusinesssolutions/print_shop_pro_webdesk
18.34
Published
Jan 08, 2026
Tracked Since
Feb 18, 2026