cvedb.io
CVE-2025-25363
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-03-13T18:15:50.733 · Last modified 2026-06-17T09:00:42.560

Summary

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template.

Affected products

thepluginpeople — enterprise_mail_handler

Does this affect you?

Add your gear to cvedb and we'll alert you only when thepluginpeople ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.