CVE-2025-51989 - CERT CVE
ID CVE-2025-51989
Sažetak HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) field, which will be sent out in an email resulting in possible Phishing scenarios against any, previously not registered, email address.
Reference
CVSS
Base: 7.0
Impact: 4.7
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Zadnje važnije ažuriranje 05-07-2026 - 17:17
Objavljeno 21-08-2025 - 20:15