CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. The vulnerability is exploited via a specially crafted payload placed in an issue's summary field

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.6%

CVSS Severity

CVSS v3 Score 5.4

References

https://marketplace.atlassian.com/apps/1212626/worklogpro-timesheets-for-jira/version-history
https://thestarware.atlassian.net/wiki/spaces/WLP/pages/3326574597/Security+Advisory+CVE-2025-57681+-+Stored+XSS+in+WorklogPRO+DC

Products affected by CVE-2025-57681

Thestarware » Worklogpro » Version: Any

cpe:2.3:a:thestarware:worklogpro:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-57681

Products

Pricing

Contact Us