Shodan
Vulnerabilities
Vulnerable Software
Sync-In:  >> Sync-In Server  >> 1.2.1  Security Vulnerabilities
CVE-2025-67438
A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information, including the user's session cookies.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved