CVE-2025-59467

CRITICAL EPSS 11.8%
Published Jan 5, 20265mo ago · Modified Jun 17, 20261w ago
9.6 CVSS 3.1
Critical
Find Similar
Published Jan 5, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

CVSS Details

Base Score
9.6
Exploitability
2.8
Impact
6.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
11.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
uiargentina_afip_invoices* <1.3.0

References 1

  • community.ui.com https://community.ui.com/releases/Security-Advisory-Bulletin-057/6d3f2a51-22b8-47a1-9296-1e9dcd64e073
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.