Medium
CVSS 4.3
Overview
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentaily allows Stored XSS.
This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23.
CVE-2025-7672
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (...
Risk analysis
This vulnerability is rated 🟡 MEDIUM.
- CVSS: 4.3 (MEDIUM)
- Detected tags: stored_xss, xss (tag impact: MODERATE)
Recommended actions:
- Sanitize stored input and enforce CSP.
- Apply context-aware output encoding.
- Enable Content-Security-Policy and HttpOnly/SameSite cookies.