CVE-2025-66561
- Source
- https://cve.org/CVERecord?id=CVE-2025-66561
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66561.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66561
- Aliases
-
- GHSA-64vw-v5c4-mgvm
- Published
- 2025-12-04T22:27:52.015Z
- Modified
- 2025-12-13T04:56:02.133784Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
- Details
-
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66561.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Git / github.com/syslifters/sysreptor
Affected ranges
- Type
- GIT
- Repo
- https://github.com/syslifters/sysreptor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.101
0.102
0.110
0.83
0.87
0.89
0.95
0.96
2023.*
2023.114
2023.119
2023.122
2023.128
2023.136
2023.142
2023.145
2024.*
2024.1
2024.10
2024.13
2024.16
2024.19
2024.20
2024.28
2024.29
2024.3
2024.30
2024.40
2024.43
2024.49
2024.55
2024.57
2024.58
2024.60
2024.61
2024.63
2024.68
2024.69
2024.70
2024.74
2024.79
2024.8
2024.81
2024.91
2024.96
2025.*
2025.12
2025.20
2025.25
2025.29
2025.37
2025.4
2025.43
2025.50
2025.56
2025.64
2025.69
2025.74
2025.80
2025.81
2025.83
2025.90
2025.94
2025.96