VYPR
Medium severity 5.4 · NVD Advisory · Published Oct 17, 2025 · Updated Apr 15, 2026

CVE-2025-56320


Description

Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Stored XSS vulnerability exists in the chat box of Enterprise Contract Management Portal v.22.4.0, an unsupported version, allowing remote code execution.

Root Cause

The Enterprise Contract Management Portal v.22.4.0 contains a Stored Cross-Site Scripting (XSS) vulnerability within its chat box component. The application fails to properly sanitize user-supplied input before storing it, allowing arbitrary script injection that persists in the chat interface.
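
The failure mode described above, shown as an added example; this is not the portal's code, which the page does not include. All function names, field names and sample rows are hypothetical, and it goes slightly beyond the text by encoding at output time, which also covers rows stored before any input filtering existed.

```javascript
// Added illustration with hypothetical names; not the vendor's implementation.

// The five characters that let text break out of an HTML text node or a
// quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: stored fields are concatenated into markup unchanged, so any
// tags saved with a chat message become live markup for every later viewer.
function renderMessageUnsafe(msg) {
  return '<li class="chat-msg"><span class="author">' + msg.author +
         '</span>: ' + msg.body + '</li>';
}

// Hardened form: every stored field is encoded when it is written into the
// page, regardless of what was accepted when the message was saved.
function renderMessageSafe(msg) {
  return '<li class="chat-msg"><span class="author">' + escapeHtml(msg.author) +
         '</span>: ' + escapeHtml(msg.body) + '</li>';
}

// Audit helper: return ids of stored rows whose rendering changes under
// encoding. These contain markup-significant characters and deserve review;
// benign text such as "< 5%" is flagged too.
function findSuspectMessages(rows) {
  return rows
    .filter((m) => renderMessageUnsafe(m) !== renderMessageSafe(m))
    .map((m) => m.id);
}

// Constructed sample rows standing in for the stored chat history.
const SAMPLE_ROWS = [
  { id: 1, author: 'alice', body: 'Contract draft attached.' },
  { id: 2, author: 'bob', body: '<script>alert(1)</script>' },
  { id: 3, author: 'carol', body: 'Fee is < 5% & fixed' },
];

for (const row of SAMPLE_ROWS) console.log(renderMessageSafe(row));
console.log('rows to review:', findSuspectMessages(SAMPLE_ROWS));
```
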

Exploitation

A remote attacker can exploit this by submitting crafted payloads into the chat box, which are then stored and executed when other users view the affected messages. No authentication details or specific user interaction beyond viewing the chat is required for the stored payload to trigger, making this a medium-severity threat (CVSS 5.4).

Impact

Successful exploitation enables arbitrary code execution in the context of the user's session, potentially leading to data theft, session hijacking, or defacement within the application [1].

Status

The vendor notes that this vulnerability is present only in an obsolete, unsupported version of the software that is no longer in circulation. Users running the current supported version are not affected. No official patch is expected for the deprecated release.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.


References

3
