A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side code being susceptible to direct DOM manipulation without adequate sanitization or a Content Security Policy (CSP), potentially leading to account takeover and data theft.
References
| Link | Resource |
|---|---|
| https://rohitchaudhary045.medium.com/cve-2025-63418-weaponizing-the-browser-console-a-dom-based-xss-deep-dive-25ed3ac9cb53 | Exploit Mitigation Third Party Advisory |
| https://rohitchaudhary045.medium.com/cve-2025-63418-weaponizing-the-browser-console-a-dom-based-xss-deep-dive-25ed3ac9cb53 | Exploit Mitigation Third Party Advisory |
Configurations
History
07 Nov 2025, 19:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://rohitchaudhary045.medium.com/cve-2025-63418-weaponizing-the-browser-console-a-dom-based-xss-deep-dive-25ed3ac9cb53 - Exploit, Mitigation, Third Party Advisory | |
| First Time |
Selfbest
Selfbest selfbest |
|
| CPE | cpe:2.3:a:selfbest:selfbest:2023.3:*:*:*:*:*:*:* |
06 Nov 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| References | () https://rohitchaudhary045.medium.com/cve-2025-63418-weaponizing-the-browser-console-a-dom-based-xss-deep-dive-25ed3ac9cb53 - | |
| CWE | CWE-79 |
05 Nov 2025, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-05 19:16
Updated : 2025-11-07 19:45
NVD link : CVE-2025-63418
Mitre link : CVE-2025-63418
CVE.ORG link : CVE-2025-63418
JSON object : View
Products Affected
selfbest
- selfbest
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')