Security Advisory

CVE-2025-70368

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-26 00:00:00

Last updated 2026-01-27 19:56:00

Assigner mitre

State PUBLISHED

Description

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

← Browse all CVEs View on cve.org ↗