Medium severity4.4NVD Advisory· Published Apr 25, 2025· Updated Jun 17, 2026
CVE-2025-46545
CVE-2025-46545
Description
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<141851+ 1 more
- (no CPE)range: <141851
- (no CPE)range: 141851
Patches
Vulnerability mechanics
References
4- gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7nvdThird Party Advisory
- deiteriy.comnvdNot Applicable
- sherparpa.comnvdProduct
- twitter.com/ArtyomBrylevnvdNot Applicable
News mentions
0No linked articles in our index yet.