CVE-2025-14580 (GCVE-0-2025-14580)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:32 – Updated: 2025-12-15 18:11
VLAI?
Title
Qualitor viewDocumento.php cross site scripting
Summary
A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: "We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base".
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Qualitor |
Affected:
8.24.0
Affected: 8.24.1 Affected: 8.24.2 Affected: 8.24.3 Affected: 8.24.4 Affected: 8.24.5 Affected: 8.24.6 Affected: 8.24.7 Affected: 8.24.8 Affected: 8.24.9 Affected: 8.24.10 Affected: 8.24.11 Affected: 8.24.12 Affected: 8.24.13 Affected: 8.24.14 Affected: 8.24.15 Affected: 8.24.16 Affected: 8.24.17 Affected: 8.24.18 Affected: 8.24.19 Affected: 8.24.20 Affected: 8.24.21 Affected: 8.24.22 Affected: 8.24.23 Affected: 8.24.24 Affected: 8.24.25 Affected: 8.24.26 Affected: 8.24.27 Affected: 8.24.28 Affected: 8.24.29 Affected: 8.24.30 Affected: 8.24.31 Affected: 8.24.32 Affected: 8.24.33 Affected: 8.24.34 Affected: 8.24.35 Affected: 8.24.36 Affected: 8.24.37 Affected: 8.24.38 Affected: 8.24.39 Affected: 8.24.40 Affected: 8.24.41 Affected: 8.24.42 Affected: 8.24.43 Affected: 8.24.44 Affected: 8.24.45 Affected: 8.24.46 Affected: 8.24.47 Affected: 8.24.48 Affected: 8.24.49 Affected: 8.24.50 Affected: 8.24.51 Affected: 8.24.52 Affected: 8.24.53 Affected: 8.24.54 Affected: 8.24.55 Affected: 8.24.56 Affected: 8.24.57 Affected: 8.24.58 Affected: 8.24.59 Affected: 8.24.60 Affected: 8.24.61 Affected: 8.24.62 Affected: 8.24.63 Affected: 8.24.64 Affected: 8.24.65 Affected: 8.24.66 Affected: 8.24.67 Affected: 8.24.68 Affected: 8.24.69 Affected: 8.24.70 Affected: 8.24.71 Affected: 8.24.72 Affected: 8.24.73 |
Credits
chor4o (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T18:06:21.441200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:11:46.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Qualitor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.24.0"
},
{
"status": "affected",
"version": "8.24.1"
},
{
"status": "affected",
"version": "8.24.2"
},
{
"status": "affected",
"version": "8.24.3"
},
{
"status": "affected",
"version": "8.24.4"
},
{
"status": "affected",
"version": "8.24.5"
},
{
"status": "affected",
"version": "8.24.6"
},
{
"status": "affected",
"version": "8.24.7"
},
{
"status": "affected",
"version": "8.24.8"
},
{
"status": "affected",
"version": "8.24.9"
},
{
"status": "affected",
"version": "8.24.10"
},
{
"status": "affected",
"version": "8.24.11"
},
{
"status": "affected",
"version": "8.24.12"
},
{
"status": "affected",
"version": "8.24.13"
},
{
"status": "affected",
"version": "8.24.14"
},
{
"status": "affected",
"version": "8.24.15"
},
{
"status": "affected",
"version": "8.24.16"
},
{
"status": "affected",
"version": "8.24.17"
},
{
"status": "affected",
"version": "8.24.18"
},
{
"status": "affected",
"version": "8.24.19"
},
{
"status": "affected",
"version": "8.24.20"
},
{
"status": "affected",
"version": "8.24.21"
},
{
"status": "affected",
"version": "8.24.22"
},
{
"status": "affected",
"version": "8.24.23"
},
{
"status": "affected",
"version": "8.24.24"
},
{
"status": "affected",
"version": "8.24.25"
},
{
"status": "affected",
"version": "8.24.26"
},
{
"status": "affected",
"version": "8.24.27"
},
{
"status": "affected",
"version": "8.24.28"
},
{
"status": "affected",
"version": "8.24.29"
},
{
"status": "affected",
"version": "8.24.30"
},
{
"status": "affected",
"version": "8.24.31"
},
{
"status": "affected",
"version": "8.24.32"
},
{
"status": "affected",
"version": "8.24.33"
},
{
"status": "affected",
"version": "8.24.34"
},
{
"status": "affected",
"version": "8.24.35"
},
{
"status": "affected",
"version": "8.24.36"
},
{
"status": "affected",
"version": "8.24.37"
},
{
"status": "affected",
"version": "8.24.38"
},
{
"status": "affected",
"version": "8.24.39"
},
{
"status": "affected",
"version": "8.24.40"
},
{
"status": "affected",
"version": "8.24.41"
},
{
"status": "affected",
"version": "8.24.42"
},
{
"status": "affected",
"version": "8.24.43"
},
{
"status": "affected",
"version": "8.24.44"
},
{
"status": "affected",
"version": "8.24.45"
},
{
"status": "affected",
"version": "8.24.46"
},
{
"status": "affected",
"version": "8.24.47"
},
{
"status": "affected",
"version": "8.24.48"
},
{
"status": "affected",
"version": "8.24.49"
},
{
"status": "affected",
"version": "8.24.50"
},
{
"status": "affected",
"version": "8.24.51"
},
{
"status": "affected",
"version": "8.24.52"
},
{
"status": "affected",
"version": "8.24.53"
},
{
"status": "affected",
"version": "8.24.54"
},
{
"status": "affected",
"version": "8.24.55"
},
{
"status": "affected",
"version": "8.24.56"
},
{
"status": "affected",
"version": "8.24.57"
},
{
"status": "affected",
"version": "8.24.58"
},
{
"status": "affected",
"version": "8.24.59"
},
{
"status": "affected",
"version": "8.24.60"
},
{
"status": "affected",
"version": "8.24.61"
},
{
"status": "affected",
"version": "8.24.62"
},
{
"status": "affected",
"version": "8.24.63"
},
{
"status": "affected",
"version": "8.24.64"
},
{
"status": "affected",
"version": "8.24.65"
},
{
"status": "affected",
"version": "8.24.66"
},
{
"status": "affected",
"version": "8.24.67"
},
{
"status": "affected",
"version": "8.24.68"
},
{
"status": "affected",
"version": "8.24.69"
},
{
"status": "affected",
"version": "8.24.70"
},
{
"status": "affected",
"version": "8.24.71"
},
{
"status": "affected",
"version": "8.24.72"
},
{
"status": "affected",
"version": "8.24.73"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "chor4o (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: \"We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T20:32:06.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336201 | Qualitor viewDocumento.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336201"
},
{
"name": "VDB-336201 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336201"
},
{
"name": "Submit #705193 | Qualitor 8.20.77 - 8.24.73 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.705193"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-12T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-12T15:51:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Qualitor viewDocumento.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14580",
"datePublished": "2025-12-12T20:32:06.152Z",
"dateReserved": "2025-12-12T14:46:09.470Z",
"dateUpdated": "2025-12-15T18:11:46.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-14580\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-12-12T21:15:52.910\",\"lastModified\":\"2025-12-19T15:25:28.137\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: \\\"We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base\\\".\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"},{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualitor:qualitor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.20.78\",\"matchCriteriaId\":\"5FB8EA92-943B-4DD7-82E1-985C761BE1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualitor:qualitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.24\",\"versionEndExcluding\":\"8.24.74\",\"matchCriteriaId\":\"7571AA64-64EC-48C8-9411-D9C263D6DF58\"}]}]}],\"references\":[{\"url\":\"https://vuldb.com/?ctiid.336201\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.336201\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.705193\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-14580\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-15T18:06:21.441200Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-15T18:06:23.731Z\"}}], \"cna\": {\"title\": \"Qualitor viewDocumento.php cross site scripting\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"chor4o (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Qualitor\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.24.0\"}, {\"status\": \"affected\", \"version\": \"8.24.1\"}, {\"status\": \"affected\", \"version\": \"8.24.2\"}, {\"status\": \"affected\", \"version\": \"8.24.3\"}, {\"status\": \"affected\", \"version\": \"8.24.4\"}, {\"status\": \"affected\", \"version\": \"8.24.5\"}, {\"status\": \"affected\", \"version\": \"8.24.6\"}, {\"status\": \"affected\", \"version\": \"8.24.7\"}, {\"status\": \"affected\", \"version\": \"8.24.8\"}, {\"status\": \"affected\", \"version\": \"8.24.9\"}, {\"status\": \"affected\", \"version\": \"8.24.10\"}, {\"status\": \"affected\", \"version\": \"8.24.11\"}, {\"status\": \"affected\", \"version\": \"8.24.12\"}, {\"status\": \"affected\", \"version\": \"8.24.13\"}, {\"status\": \"affected\", \"version\": \"8.24.14\"}, {\"status\": \"affected\", \"version\": \"8.24.15\"}, {\"status\": \"affected\", \"version\": \"8.24.16\"}, {\"status\": \"affected\", \"version\": \"8.24.17\"}, {\"status\": \"affected\", \"version\": \"8.24.18\"}, {\"status\": \"affected\", \"version\": \"8.24.19\"}, {\"status\": \"affected\", \"version\": \"8.24.20\"}, {\"status\": \"affected\", \"version\": \"8.24.21\"}, {\"status\": \"affected\", \"version\": \"8.24.22\"}, {\"status\": \"affected\", \"version\": \"8.24.23\"}, {\"status\": \"affected\", \"version\": \"8.24.24\"}, {\"status\": \"affected\", \"version\": \"8.24.25\"}, {\"status\": \"affected\", \"version\": \"8.24.26\"}, {\"status\": \"affected\", \"version\": \"8.24.27\"}, {\"status\": \"affected\", \"version\": \"8.24.28\"}, {\"status\": \"affected\", \"version\": \"8.24.29\"}, {\"status\": \"affected\", \"version\": \"8.24.30\"}, {\"status\": \"affected\", \"version\": \"8.24.31\"}, {\"status\": \"affected\", \"version\": \"8.24.32\"}, {\"status\": \"affected\", \"version\": \"8.24.33\"}, {\"status\": \"affected\", \"version\": \"8.24.34\"}, {\"status\": \"affected\", \"version\": \"8.24.35\"}, {\"status\": \"affected\", \"version\": \"8.24.36\"}, {\"status\": \"affected\", \"version\": \"8.24.37\"}, {\"status\": \"affected\", \"version\": \"8.24.38\"}, {\"status\": \"affected\", \"version\": \"8.24.39\"}, {\"status\": \"affected\", \"version\": \"8.24.40\"}, {\"status\": \"affected\", \"version\": \"8.24.41\"}, {\"status\": \"affected\", \"version\": \"8.24.42\"}, {\"status\": \"affected\", \"version\": \"8.24.43\"}, {\"status\": \"affected\", \"version\": \"8.24.44\"}, {\"status\": \"affected\", \"version\": \"8.24.45\"}, {\"status\": \"affected\", \"version\": \"8.24.46\"}, {\"status\": \"affected\", \"version\": \"8.24.47\"}, {\"status\": \"affected\", \"version\": \"8.24.48\"}, {\"status\": \"affected\", \"version\": \"8.24.49\"}, {\"status\": \"affected\", \"version\": \"8.24.50\"}, {\"status\": \"affected\", \"version\": \"8.24.51\"}, {\"status\": \"affected\", \"version\": \"8.24.52\"}, {\"status\": \"affected\", \"version\": \"8.24.53\"}, {\"status\": \"affected\", \"version\": \"8.24.54\"}, {\"status\": \"affected\", \"version\": \"8.24.55\"}, {\"status\": \"affected\", \"version\": \"8.24.56\"}, {\"status\": \"affected\", \"version\": \"8.24.57\"}, {\"status\": \"affected\", \"version\": \"8.24.58\"}, {\"status\": \"affected\", \"version\": \"8.24.59\"}, {\"status\": \"affected\", \"version\": \"8.24.60\"}, {\"status\": \"affected\", \"version\": \"8.24.61\"}, {\"status\": \"affected\", \"version\": \"8.24.62\"}, {\"status\": \"affected\", \"version\": \"8.24.63\"}, {\"status\": \"affected\", \"version\": \"8.24.64\"}, {\"status\": \"affected\", \"version\": \"8.24.65\"}, {\"status\": \"affected\", \"version\": \"8.24.66\"}, {\"status\": \"affected\", \"version\": \"8.24.67\"}, {\"status\": \"affected\", \"version\": \"8.24.68\"}, {\"status\": \"affected\", \"version\": \"8.24.69\"}, {\"status\": \"affected\", \"version\": \"8.24.70\"}, {\"status\": \"affected\", \"version\": \"8.24.71\"}, {\"status\": \"affected\", \"version\": \"8.24.72\"}, {\"status\": \"affected\", \"version\": \"8.24.73\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-12-12T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-12-12T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-12-12T15:51:19.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.336201\", \"name\": \"VDB-336201 | Qualitor viewDocumento.php cross site scripting\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.336201\", \"name\": \"VDB-336201 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.705193\", \"name\": \"Submit #705193 | Qualitor 8.20.77 - 8.24.73 Cross Site Scripting\", \"tags\": [\"third-party-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: \\\"We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base\\\".\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Cross Site Scripting\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-12-12T20:32:06.152Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-14580\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-15T18:11:46.065Z\", \"dateReserved\": \"2025-12-12T14:46:09.470Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-12-12T20:32:06.152Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…