CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-51531

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.sec4you-pentest.com/schwachstelle/sage-dpw-schwachstelle-xss-in-db-monitor-tabfields/
https://www.sec4you-pentest.com/schwachstellen/

Products affected by CVE-2025-51531

Sagedpw » Sage Dpw » Version: 2020_06_000

cpe:2.3:a:sagedpw:sage_dpw:2020_06_000
Sagedpw » Sage Dpw » Version: 2020_06_001

cpe:2.3:a:sagedpw:sage_dpw:2020_06_001
Sagedpw » Sage Dpw » Version: 2020_06_002

cpe:2.3:a:sagedpw:sage_dpw:2020_06_002

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-51531

Products

Pricing

Contact Us