CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-66574

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 15.6%

CVSS Severity

CVSS v3 Score 5.4

References

https://compassplustechnologies.com/
https://www.exploit-db.com/exploits/52086
https://www.vulncheck.com/advisories/tranzaxis-32411026-stored-cross-site-scripting-xss
https://www.exploit-db.com/exploits/52086

Products affected by CVE-2025-66574

Compassplustechnologies » Tranzaxis » Version: 3.2.41.10.26

cpe:2.3:a:compassplustechnologies:tranzaxis:3.2.41.10.26

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66574

Products

Pricing

Contact Us