Stored XSS in Kron Technologies’ Kron PAM

July 25, 2025 invoker category_cve

CVE Details

Basic Information

Title Stored XSS in Kron Technologies’ Kron PAM
Type cve
Published 2025-07-25T11:30:28.763Z
Modified 2025-07-25T11:30:28.763Z

Product Information

Vendor Kron Technologies
Product Kron PAM
Version 0

CVSS Information

Base Score 6.1 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Analysis

AI Description A stored XSS vulnerability in Kron PAM allows attackers to inject malicious scripts, potentially affecting multiple users and administrators. This issue is resolved in versions after 3.7.
AI Severity Medium
AI Vendor Kron Technologies
AI Product Kron PAM
AI Version before 3.7

Affected Products

  • Kron Technologies Kron PAM 0

Additional Information

CWE List CWE-79
Source TR-CERT

Description

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kron Technologies Kron PAM allows Stored XSS. This issue affects Kron PAM: before 3.7.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.