Medium severity5.4NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026
CVE-2025-63260
CVE-2025-63260
Description
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.
Affected products
1- cpe:2.3:a:syncfusion:syncfusion:30.1.37:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pentest-tools.com/PTT-2025-023-Multiple-Stored-XSS.pdfnvdExploitThird Party Advisory
- syncfusion.comnvdProduct
News mentions
0No linked articles in our index yet.