VYPR
Unrated severity · OSV Advisory · Published Jan 26, 2026 · Updated Jan 27, 2026

CVE-2025-70368

Description

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

Affected products

2
  • Worklenz/Worklenz · OSV · 2 versions
    angular-version-legacy, v1.0.0, v1.0.1, …+ 1 more
    • (no CPE) range: angular-version-legacy, v1.0.0, v1.0.1, …
    • (no CPE) range: =2.1.5
