Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Apr 7, 2026
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)
CVE-2025-66574
Description
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 3.2.41.10.26+ 1 more
- (no CPE)range: = 3.2.41.10.26
- (no CPE)range: 3.2.41.10.26
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/52086mitreexploit
- www.vulncheck.com/advisories/tranzaxis-32411026-stored-cross-site-scripting-xssmitrethird-party-advisory
- compassplustechnologies.commitreproduct
News mentions
0No linked articles in our index yet.