Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Dec 5, 2025
SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
CVE-2025-66561
Description
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 2025.102
Patches
Vulnerability mechanics
References
1- github.com/Syslifters/sysreptor/security/advisories/GHSA-64vw-v5c4-mgvmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.