CVE Catalog

CVE-2025-56320

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

A Stored XSS vulnerability in the chat component of CobbleStone Enterprise Contract Management Portal v22.4.0 allows a remote attacker to execute arbitrary code in the victim's browser. The vendor states this issue is present only in an obsolete, unsupported version no longer in circulation.

Risk Assessment

The risk involves potential session hijacking, data theft, or malware propagation within the organization if the vulnerable version is still in use.

Recommendation

Immediately upgrade to the latest supported version of CobbleStone Enterprise Contract Management Portal or decommission version 22.4.0.

Original NVD description (English source)

CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."

Vulnerability data from NVD (NIST) · CISA KEV · EPSS