Description

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

INFO

Published Date :

2026-01-05T16:47:38.557Z

Last Modified :

2026-01-05T20:58:05.416Z

Source :

hackerone
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59467 vulnerability.

Vendors Products
Ubiquiti
  • Ucrm Argentina Afip Invoices Plugin
Ui
  • Argentina Afip Invoices
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59467.

URL Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-057/6d3f2a51-22b8-47a1-9296-1e9dcd64e073 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact