cvedb.io
CVE-2025-6078
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-08-02T03:15:24.440 · Last modified 2026-06-17T10:01:06.550

Summary

Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.