[Attack Vectors] > It was detected that a Stored XSS vulnerability in the Attributes management workflow. An attacker can insert JavaScript into the Name field when adding a new Attribute Group (Catalog > Attributes > Specification attributes > Add Group > Name input field). To exploit the vulnerability, privileged users should visit the "Specification attributes page.
Assigned CVE code: > CVE-2025-65589 [Discoverer] > AlterSec t/a PenTest.NZ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
