Description

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 (2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript code, which executes when the affected profile page is viewed. This can lead to session hijacking, cookie theft, or arbitrary script execution in the victim's browser.

INFO

Published Date :

2025-12-09T00:00:00.000Z

Last Modified :

2025-12-11T19:37:29.852Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65300 vulnerability.

Vendors Products
Coohom
  • Coohom
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65300.

URL Resource
https://gist.github.com/garux-sec/ec9a6b6e7e4b617b7245ec18252a6377 cve-icon cve-icon cve-icon
https://www.coohom.com/pub/saas/settings/account cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact