Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Feb 10, 2026

CVE-2025-61549

Description

Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim s browser session

Affected products

edu Business Solutions/Print Shop Pro WebDeskdescription
edu Business Solutions/Print Shop Pro WebDeskllm-fuzzy
Range: <=18.34

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61549mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000