5.4

CVE-2025-6725

In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerProgress Software
Produkt Kendo UI for jQuery
Default Statusunaffected
Version <= 2025.2.520
Version 2024.4.1112
Status affected
HerstellerProgress Software
Produkt Kendo UI for Angular
Default Statusunaffected
Version <= 19.1.2
Version 18.5.0
Status affected
HerstellerProgress Software
Produkt KendoReact
Default Statusunaffected
Version <= 11.1.0
Version 5.10.0
Status affected
HerstellerProgress Software
Produkt Telerik UI for ASP.NET MVC
Default Statusunaffected
Version <= 2025.2.520
Version 2024.4.1112
Status affected
HerstellerProgress Software
Produkt Telerik UI for ASP.NET Core
Default Statusunaffected
Version <= 2025.2.520
Version 2024.4.1112
Status affected
HerstellerProgress Software
Produkt Telerik UI for Blazor
Default Statusunaffected
Version <= 9.0.0
Version 3.6.0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.179
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@progress.com 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.