Description

A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 (01). The sle_sSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be executed in the victim's browser within the security context of the vulnerable application. This issue could allow attackers to steal session cookies, disclose sensitive information, perform unauthorized actions on behalf of the user, or conduct phishing attacks.

INFO

Published Date :

2025-11-19T00:00:00.000Z

Last Modified :

2025-11-19T15:43:58.358Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63243 vulnerability.

Vendors Products
Pixeon
  • Weblaudos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63243.

URL Resource
https://medium.com/@wagneralves_87750/cve-2025-63243-reflected-cross-site-scripting-in-loginalterarsenha-asp-via-sle-slogin-parameter-53808fbbeeee cve-icon cve-icon
https://www.pixeon.com/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact