CVE Details
Basic Information
| Title | SoluçõesCoop iSoluçõesWEB Flow fluxos-dashboard cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-06T02:31:09.851Z |
| Last Seen |
Product Information
| Vendor | SoluçõesCoop |
|---|---|
| Product | iSoluçõesWEB |
| Version | 20250519 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The iSoluçõesWEB product by SoluçõesCoop is vulnerable to cross-site scripting (XSS) in the /fluxos-dashboard component. An attacker can exploit this by injecting malicious scripts into the ‘Descrição da solicitação’ parameter, potentially affecting users who view the compromised content. The vulnerability is rated as Medium severity due to the need for user interaction and the product’s limited usage. |
|---|---|
| AI Severity | Medium |
| Vendor | SoluçõesCoop |
| Product | iSoluçõesWEB |
| Affected Version | 20250519 |
Affected Products
- SoluçõesCoop iSoluçõesWEB 20250519
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family |
References
Description
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.