CVE-2025-3894

Published May 23, 2025

Last updated 2 months ago

CVSS medium 4.8

Overview

Description
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required.   Version 5.20 of MegaBIP fixes this issue.
Source
cvd@cert.pl
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
4.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

cvd@cert.pl
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-3894 Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are req… https://t.co/Ndg5TnDrKL

    @CVEnew

    23 May 2025

    115 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.