CVE-2025-40700

Description

Reflected Cross-Site Scripting (XSS) in IDI Eikons Governalia. The vulnerability allows an attacker to execute JavaScript code in the victims browser when a malicious URL with the q parameter in /search is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.