Unrated severityNVD Advisory· Published Oct 8, 2025· Updated Oct 8, 2025

CVE-2025-60314

Description

Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto) allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript.

Affected products

Configuroweb/Sistema Web de Inventariodescription
Configuroweb/Sistema Web de Inventariollm-create
Range: =1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

configuroweb.com/sistema-web-de-inventario-simple-en-php-mysql/mitre
github.com/ChuckBartowski7/Vulnerability-Research/blob/main/CVE-2025-60314/README.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000