CVE-2025-59904

Vulnerability Description

Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource.

Vulnerability Details

Published Date

February 16, 2026

Last Modified

February 18, 2026

CWE ID

CWE-79

Source

NVD

Vendor

Kubysoft

Product

Kubysoft

External References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-kubysoft

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment