Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, no privileges required, stored payload triggers on victim page load (UI:R), scope changes to victim browser with session/content impact (C:L/I:L).
Primary rating from Vendor (twcert).
CVSS VectorVendor: twcert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.
AnalysisAI
Stored XSS in Ragic Enterprise Cloud Database permits unauthenticated remote attackers to inject persistent JavaScript into application data, which then executes in the browsers of any user who loads the affected page. Because the payload is stored server-side, a single injection event affects all subsequent visitors without further attacker interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to the Ragic Enterprise Cloud Database application and the ability to submit input to a field or form that is subsequently rendered to other users without proper output encoding. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.3 (Medium) captures the constrained subsequent-system impact (SC:L/SI:L) - session hijacking and page content manipulation - but no direct impact on the vulnerable system itself (VC:N/VI:N/VA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker submits a crafted form entry or database record containing a malicious JavaScript payload - for example, a script that exfiltrates session cookies to an attacker-controlled endpoint - into a publicly accessible input field in the Ragic application. The payload is stored in the database. … |
| Remediation | The primary remediation is to apply any patch or configuration update issued by Ragic as referenced in the TWCERT advisories at https://www.twcert.org.tw/tw/cp-132-11031-eccb2-1.html and https://www.twcert.org.tw/en/cp-139-11032-460c2-2.html - no specific fixed version number was disclosed in the available intelligence, so consult the vendor directly to confirm the patched release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Enterprise Cloud Database
View allEnterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated re
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remo
Unrestricted file upload in Ragic Enterprise Cloud Database exposes all versions to unauthenticated remote exploitation,
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43270
GHSA-gv5r-m2vf-6q47