CVE-2025-46749
Description
An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated stored XSS vulnerability in SEL products allows script injection due to improper sanitization.
CVE-2025-46749 describes a stored cross-site scripting (XSS) vulnerability affecting certain SEL software products. The root cause is that fields accepting user input lack proper input validation and output sanitization, allowing an authenticated user to inject arbitrary scripting content into the application [1].
To exploit this issue, an attacker must already have valid authentication credentials for the target system. Once authenticated, the attacker can submit crafted payloads to the vulnerable fields. When other users (or the attacker themselves) later view the stored data, the injected script executes in the context of the victim's browser session [1].
The impact is limited to client-side script execution, which an attacker could use to steal session tokens, perform actions on behalf of the victim, or deface pages. Because exploitation requires prior authentication, the overall severity is rated Medium, with a CVSS v3 base score of 4.3 [1].
SEL maintains a list of the latest software versions on its website, with cybersecurity tags marking releases that address vulnerabilities [1]. Users should update to the latest versions that contain the relevant security fixes. The available reference mentions no workarounds or EOL status [1].
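The two missing controls named in the description, shown as an added example that is not SEL's code or taken from this page's sources: allow-list validation when a field is stored, and output encoding when it is rendered. The field name `label`, the allow-list pattern and the sample records are assumptions constructed for illustration; the advisory does not name the affected fields.

```javascript
// Added example: defensive handling of a stored, user-supplied field.
// The "label" field, allow-list and sample records are assumptions.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allow-list for a hypothetical free-text label field.
const LABEL_PATTERN = /^[A-Za-z0-9 _.\-]{1,64}$/;
function validateLabel(value) {
  return typeof value === 'string' && LABEL_PATTERN.test(value);
}

// Weak pattern: the stored value is concatenated into markup unchanged,
// so any markup it contains becomes part of the page.
function renderRowUnsafe(record) {
  return `<td title="${record.label}">${record.label}</td>`;
}

// Hardened pattern: encode at the point of output, even for values that
// passed validation, because older rows may predate the validation rule.
function renderRowSafe(record) {
  const label = escapeHtml(record.label);
  return `<td title="${label}">${label}</td>`;
}

// Constructed sample records: one ordinary value, one containing markup.
const storedRecords = [
  { label: 'Relay 12 - Bay A' },
  { label: '"><script>alert(1)</script>' },
];

// Reports, per record, what each control would have done.
function auditRecords(records) {
  return records.map((record) => ({
    acceptedOnInput: validateLabel(record.label),
    unsafeHasScriptTag: /<script\b/i.test(renderRowUnsafe(record)),
    safeHasScriptTag: /<script\b/i.test(renderRowSafe(record)),
    safeHtml: renderRowSafe(record),
  }));
}
```

Running `auditRecords(storedRecords)` shows that either control alone neutralizes the second record, which is why the description calls out both input and output handling.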
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.