VYPR
Medium severity4.4NVD Advisory· Published Apr 25, 2025· Updated Jun 17, 2026

CVE-2025-46545

CVE-2025-46545

Description

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.