CVE-2025-4376

Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165.

CVSS

No CVSS.

References

Link	Resource
https://sparxsystems.com/products/procloudserver/6.1/

Configurations

No configuration.

History

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de validación de entrada incorrecta en el campo de búsqueda del modelo WebEA de Sparx Systems Pro Cloud Server permite el uso de cross site scripting (XSS). Este problema afecta a Pro Cloud Server: versiones anteriores a la 6.0.165.

09 May 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 06:15

Updated : 2025-05-12 17:32

NVD link : CVE-2025-4376

Mitre link : CVE-2025-4376

CVE.ORG link : CVE-2025-4376

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-4376", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-09T06:15:37.840", "references": [{"url": "https://sparxsystems.com/products/procloudserver/6.1/", "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). \nThis issue affects Pro Cloud Server: earlier than 6.0.165."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en el campo de b\u00fasqueda del modelo WebEA de Sparx Systems Pro Cloud Server permite el uso de cross site scripting (XSS). Este problema afecta a Pro Cloud Server: versiones anteriores a la 6.0.165."}], "lastModified": "2025-05-12T17:32:52.810", "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166"}