CVE-2025-6078

MEDIUM EPSS 26.2%

Published Aug 2, 202511mo ago · Modified Jun 17, 20261w ago

5.4 CVSS 3.1

Medium

Published Aug 2, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).

CVSS Details

Base Score

5.4

Exploitability

2.3

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

26.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

References 3

kb.cert.org https://kb.cert.org/vuls/id/317469
partnersoftware.com https://partnersoftware.com/resources/software-release-info-4-32/
kb.cert.org https://www.kb.cert.org/vuls/id/317469

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.