{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0971", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-02-02T07:54:47.521Z", "datePublished": "2025-02-02T23:31:03.808Z", "dateUpdated": "2025-02-12T20:41:38.405Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-02-02T23:31:03.808Z"}, "title": "Zenvia Movidesk Profile Editing EditProfile cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "Zenvia", "product": "Movidesk", "versions": [{"version": "25.01.0", "status": "affected"}, {"version": "25.01.1", "status": "affected"}, {"version": "25.01.2", "status": "affected"}, {"version": "25.01.3", "status": "affected"}, {"version": "25.01.4", "status": "affected"}, {"version": "25.01.5", "status": "affected"}, {"version": "25.01.6", "status": "affected"}, {"version": "25.01.7", "status": "affected"}, {"version": "25.01.8", "status": "affected"}, {"version": "25.01.9", "status": "affected"}, {"version": "25.01.10", "status": "affected"}, {"version": "25.01.11", "status": "affected"}, {"version": "25.01.12", "status": "affected"}, {"version": "25.01.13", "status": "affected"}, {"version": "25.01.14", "status": "affected"}, {"version": "25.01.15", "status": "affected"}, {"version": "25.01.16", "status": "affected"}, {"version": "25.01.17", "status": "affected"}, {"version": "25.01.18", "status": "affected"}, {"version": "25.01.19", "status": "affected"}, {"version": "25.01.20", "status": "affected"}, {"version": "25.01.21", "status": "affected"}, {"version": "25.01.22", "status": "affected"}], "modules": ["Profile Editing"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in Zenvia Movidesk bis 25.01.22 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /Account/EditProfile der Komponente Profile Editing. Mit der Manipulation des Arguments username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 25.01.22.245a473c54 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-02-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-02-02T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-02-02T08:59:59.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "y4g0 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.294362", "name": "VDB-294362 | Zenvia Movidesk Profile Editing EditProfile cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.294362", "name": "VDB-294362 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.486023", "name": "Submit #486023 | zenvia movidesk 25.01.15.86c796efe6 Cross Site Scripting", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0971", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T13:22:56.662435Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:38.405Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0971", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T13:22:56.662435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:40:47.217Z"}}], "cna": {"title": "Zenvia Movidesk Profile Editing EditProfile cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "y4g0 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "Zenvia", "modules": ["Profile Editing"], "product": "Movidesk", "versions": [{"status": "affected", "version": "25.01.0"}, {"status": "affected", "version": "25.01.1"}, {"status": "affected", "version": "25.01.2"}, {"status": "affected", "version": "25.01.3"}, {"status": "affected", "version": "25.01.4"}, {"status": "affected", "version": "25.01.5"}, {"status": "affected", "version": "25.01.6"}, {"status": "affected", "version": "25.01.7"}, {"status": "affected", "version": "25.01.8"}, {"status": "affected", "version": "25.01.9"}, {"status": "affected", "version": "25.01.10"}, {"status": "affected", "version": "25.01.11"}, {"status": "affected", "version": "25.01.12"}, {"status": "affected", "version": "25.01.13"}, {"status": "affected", "version": "25.01.14"}, {"status": "affected", "version": "25.01.15"}, {"status": "affected", "version": "25.01.16"}, {"status": "affected", "version": "25.01.17"}, {"status": "affected", "version": "25.01.18"}, {"status": "affected", "version": "25.01.19"}, {"status": "affected", "version": "25.01.20"}, {"status": "affected", "version": "25.01.21"}, {"status": "affected", "version": "25.01.22"}]}], "timeline": [{"lang": "en", "time": "2025-02-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-02-02T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-02-02T08:59:59.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.294362", "name": "VDB-294362 | Zenvia Movidesk Profile Editing EditProfile cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.294362", "name": "VDB-294362 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.486023", "name": "Submit #486023 | zenvia movidesk 25.01.15.86c796efe6 Cross Site Scripting", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in Zenvia Movidesk bis 25.01.22 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /Account/EditProfile der Komponente Profile Editing. Mit der Manipulation des Arguments username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 25.01.22.245a473c54 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-02-02T23:31:03.808Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0971", "state": "PUBLISHED", "dateUpdated": "2025-02-12T20:41:38.405Z", "dateReserved": "2025-02-02T07:54:47.521Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-02-02T23:31:03.808Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component."}], "id": "CVE-2025-0971", "lastModified": "2025-02-03T00:15:27.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-02-03T00:15:27.797", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.294362"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.294362"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.486023"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}