Medium severity5.4NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026
CVE-2025-63260
CVE-2025-63260
Description
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:syncfusion:syncfusion:30.1.37:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:syncfusion:syncfusion:30.1.37:*:*:*:*:*:*:*
- (no CPE)range: =30.1.37
Patches
Vulnerability mechanics
References
2- pentest-tools.com/PTT-2025-023-Multiple-Stored-XSS.pdfnvdExploitThird Party Advisory
- syncfusion.comnvdProduct
News mentions
0No linked articles in our index yet.