Reflected Cross-site Scripting Vulnerability in Hesabfa Accounting Software
CVE-2025-22682
7.1HIGH
What is CVE-2025-22682?
A reflected Cross-site Scripting (XSS) vulnerability exists in Hesabfa Accounting that can be exploited during web page generation. This flaw allows attackers to inject malicious scripts into webpages viewed by users. Successful exploitation can lead to sensitive data exposure or hijacking of user sessions, putting user security at risk. The vulnerability affects all versions of Hesabfa Accounting up to 2.1.2. Users are advised to upgrade to the latest version to mitigate potential threats.
Affected Version(s)
Hesabfa Accounting <= 2.1.2