4.6

CVE-2025-27706

Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability.
Data provided by the National Vulnerability Database (NVD)
Absolute Secure Access Version < 13.54
No warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.105 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.4 | 1.7 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N |
| SecurityResponse@netmotionsoftware.com | 4.6 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.absolute.com/platform/vulnerability-archive/cve-2025-27706
Vendor Advisory