CVE-2025-61550

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-61550

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61550.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-61550

Published

2026-01-08T17:15:48.940Z

Modified

2026-03-14T12:45:25.523252Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-Site Scripting (XSS) is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions

References

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61550.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.34"
            }
        ]
    }
]