CVE-2025-46545

medium

Description

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows stored XSS by an administrator via the name parameter. The XSS payload can execute when the license expires.

References

https://twitter.com/ArtyomBrylev

https://sherparpa.com

https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7

https://deiteriy.com

Details

Source: Mitre, NVD

Published: 2025-04-25

Updated: 2025-04-25

Risk Information

CVSS v2

Base Score: 3.2

Vector: CVSS2#AV:N/AC:H/Au:M/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4.4

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00028