CVE-2025-0971 | Zenvia Movidesk up to 25.01.22 Profile Editing /Account/EditProfile username cross site scripting

Posted by Angelo Barbosa | Feb 2, 2025 | CVE

A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting.

This vulnerability is handled as CVE-2025-0971. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-0971 | Zenvia Movidesk up to 25.01.22 Profile Editing /Account/EditProfile username cross site scripting

Related Posts

CVE-2023-52094 | Trend Micro Apex One Security Agent Security Agent Updater link following

CVE-2024-10298 | PHPGurukul Medical Card Generation System 1.0 Managecard Edit Card Detail Page edit-card-detail.php editid sql injection

CVE-2024-34882 | 1C-Bitrix Bitrix24 23.300.100 SMTP Server Setting insufficiently protected credentials

CVE-2024-53426 | ntopng 6.2 Flow::dissectMDNS heap-based overflow