Vulnerability Details CVE-2025-66561
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.1%
CVSS Severity
CVSS v3 Score 7.3
Products affected by CVE-2025-66561
-
cpe:2.3:a:syslifters:sysreptor:0.101
-
cpe:2.3:a:syslifters:sysreptor:0.102
-
cpe:2.3:a:syslifters:sysreptor:0.110
-
cpe:2.3:a:syslifters:sysreptor:0.76
-
cpe:2.3:a:syslifters:sysreptor:0.83
-
cpe:2.3:a:syslifters:sysreptor:0.87
-
cpe:2.3:a:syslifters:sysreptor:0.89
-
cpe:2.3:a:syslifters:sysreptor:0.95
-
cpe:2.3:a:syslifters:sysreptor:0.96
-
cpe:2.3:a:syslifters:sysreptor:2023.114
-
cpe:2.3:a:syslifters:sysreptor:2023.119
-
cpe:2.3:a:syslifters:sysreptor:2023.122
-
cpe:2.3:a:syslifters:sysreptor:2023.128
-
cpe:2.3:a:syslifters:sysreptor:2023.136
-
cpe:2.3:a:syslifters:sysreptor:2023.142
-
cpe:2.3:a:syslifters:sysreptor:2023.145
-
cpe:2.3:a:syslifters:sysreptor:2024.1
-
cpe:2.3:a:syslifters:sysreptor:2024.10
-
cpe:2.3:a:syslifters:sysreptor:2024.13
-
cpe:2.3:a:syslifters:sysreptor:2024.16
-
cpe:2.3:a:syslifters:sysreptor:2024.19
-
cpe:2.3:a:syslifters:sysreptor:2024.20
-
cpe:2.3:a:syslifters:sysreptor:2024.28
-
cpe:2.3:a:syslifters:sysreptor:2024.29
-
cpe:2.3:a:syslifters:sysreptor:2024.3
-
cpe:2.3:a:syslifters:sysreptor:2024.30
-
cpe:2.3:a:syslifters:sysreptor:2024.40
-
cpe:2.3:a:syslifters:sysreptor:2024.43
-
cpe:2.3:a:syslifters:sysreptor:2024.49
-
cpe:2.3:a:syslifters:sysreptor:2024.55
-
cpe:2.3:a:syslifters:sysreptor:2024.57
-
cpe:2.3:a:syslifters:sysreptor:2024.58
-
cpe:2.3:a:syslifters:sysreptor:2024.60
-
cpe:2.3:a:syslifters:sysreptor:2024.61
-
cpe:2.3:a:syslifters:sysreptor:2024.63
-
cpe:2.3:a:syslifters:sysreptor:2024.68
-
cpe:2.3:a:syslifters:sysreptor:2024.69
-
cpe:2.3:a:syslifters:sysreptor:2024.70
-
cpe:2.3:a:syslifters:sysreptor:2024.74
-
cpe:2.3:a:syslifters:sysreptor:2024.79
-
cpe:2.3:a:syslifters:sysreptor:2024.8
-
cpe:2.3:a:syslifters:sysreptor:2024.81
-
cpe:2.3:a:syslifters:sysreptor:2024.91
-
cpe:2.3:a:syslifters:sysreptor:2024.96
-
cpe:2.3:a:syslifters:sysreptor:2025.12
-
cpe:2.3:a:syslifters:sysreptor:2025.20
-
cpe:2.3:a:syslifters:sysreptor:2025.25
-
cpe:2.3:a:syslifters:sysreptor:2025.29
-
cpe:2.3:a:syslifters:sysreptor:2025.37
-
cpe:2.3:a:syslifters:sysreptor:2025.4
-
cpe:2.3:a:syslifters:sysreptor:2025.43
-
cpe:2.3:a:syslifters:sysreptor:2025.50
-
cpe:2.3:a:syslifters:sysreptor:2025.56
-
cpe:2.3:a:syslifters:sysreptor:2025.64
-
cpe:2.3:a:syslifters:sysreptor:2025.69
-
cpe:2.3:a:syslifters:sysreptor:2025.74
-
cpe:2.3:a:syslifters:sysreptor:2025.80
-
cpe:2.3:a:syslifters:sysreptor:2025.81
-
cpe:2.3:a:syslifters:sysreptor:2025.83
-
cpe:2.3:a:syslifters:sysreptor:2025.90
-
cpe:2.3:a:syslifters:sysreptor:2025.94
-
cpe:2.3:a:syslifters:sysreptor:2025.96