CVE-2025-61549

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-61549

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61549.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-61549

Published

2026-01-08T17:15:48.830Z

Modified

2026-03-14T12:45:25.101239Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim s browser session

References

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61549

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61549.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.34"
            }
        ]
    }
]