Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <= 3.6.3.
AnalysisAI
Improper HTML tag sanitization in Israpil Textmetrics webtexttool versions up to 3.6.3 enables stored XSS attacks that allow authenticated users with high privileges to inject malicious scripts and compromise data confidentiality and integrity. An attacker with administrative access could inject code through web forms that executes in other users' browsers, potentially leading to session hijacking or credential theft. No patch is currently available for affected industrial deployments.
Technical ContextAI
Classified as CWE-80 (Basic XSS). Affects Israpil Textmetrics webtexttool. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <= 3.6.3.
Affected ProductsAI
Product: Israpil Textmetrics webtexttool.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-80 – Basic XSS
View allShare
External POC / Exploit Code
Leaving vuln.today