CVE-2025-65300

MEDIUM

Coohom - XSS

Description

A stored cross-site scripting (XSS) vulnerability exists in the Account Settings module of the Coohom SaaS Platform, feVersion=1760060603897 (2025-10-28). Values entered in the Address fields (City, State, Country/Region) are stored and later rendered back into the page without sanitization or output encoding. An authenticated attacker can therefore store arbitrary JavaScript in these fields, and it executes in the browser of any user who views the affected profile page. Consistent with the CVSS vector below (PR:L, UI:R, S:C), the attacker needs an account and the victim only has to view the page. Possible impacts include session hijacking, cookie theft, and arbitrary script execution in the victim's browser.
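The following is an added illustration of the bug class described above, not Coohom's code and not taken from the writeup: a profile renderer that interpolates the three address fields straight into markup, the same renderer with HTML entity encoding applied, and a small check that flags injected tags in the rendered output. The profile record, field names and payload string are constructed for the example.

```javascript
// Added example (not Coohom's code): stored XSS through profile address fields
// and the output-encoding fix. Runs under Node without a DOM.

// Hypothetical stored profile record. The value in `city` is a constructed
// sample payload, not a string from the advisory or the public writeup.
const storedProfile = {
  city: '<img src=x onerror="alert(document.cookie)">',
  state: 'California',
  country: 'US & Canada',
};

// VULNERABLE: user-controlled strings are concatenated into HTML as-is.
// Once this string is assigned to innerHTML (or emitted by a server template
// without escaping), any tag or event handler stored in the field runs in the
// browser of every viewer of the profile page.
function renderAddressUnsafe(profile) {
  return [
    `<dt>City</dt><dd>${profile.city}</dd>`,
    `<dt>State</dt><dd>${profile.state}</dd>`,
    `<dt>Country/Region</dt><dd>${profile.country}</dd>`,
  ].join('\n');
}

// Entity encoding for HTML text and quoted-attribute contexts.
// '&' is replaced first so the entities introduced here are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// HARDENED: every field is encoded before it is placed into markup, so the
// stored payload is displayed as literal text instead of being parsed as HTML.
function renderAddressSafe(profile) {
  return [
    `<dt>City</dt><dd>${escapeHtml(profile.city)}</dd>`,
    `<dt>State</dt><dd>${escapeHtml(profile.state)}</dd>`,
    `<dt>Country/Region</dt><dd>${escapeHtml(profile.country)}</dd>`,
  ].join('\n');
}

// Regression check for a unit test or a response-body scan: does the rendered
// fragment contain any tag other than the template's own <dt>/<dd>?
function hasUnexpectedTag(html) {
  const allowed = new Set(['dt', 'dd']);
  const tagRe = /<\s*\/?\s*([a-zA-Z][a-zA-Z0-9]*)/g;
  let match;
  while ((match = tagRe.exec(html)) !== null) {
    if (!allowed.has(match[1].toLowerCase())) return true;
  }
  return false;
}

// Demonstration when run directly: the unsafe path leaks the injected tag,
// the safe path does not.
console.log('unsafe has injected tag:', hasUnexpectedTag(renderAddressUnsafe(storedProfile)));
console.log('safe has injected tag:  ', hasUnexpectedTag(renderAddressSafe(storedProfile)));
```

When the fields are rendered client-side, assigning them with `textContent` instead of `innerHTML` achieves the same result as `escapeHtml` without building markup strings at all; the encoding function is what a server-side template needs. Encoding is context-specific: the table above is correct for HTML text and quoted attributes, but a value placed inside a script block or a URL needs a different encoder.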

Exploits (1)

nomisec WRITEUP
by garux-sec · poc
https://github.com/garux-sec/CVE-2025-65300

Scores

CVSS v3 5.4
EPSS 0.0006
EPSS Percentile 18.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
coohom/coohom 2025-10-28
Published Dec 09, 2025
Tracked Since Feb 18, 2026