Description

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

INFO

Published Date :

2026-01-26T00:00:00.000Z

Last Modified :

2026-01-27T19:56:00.363Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70368 vulnerability.

Vendors Products
Worklenz
  • Worklenz
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70368.

URL Resource
https://github.com/Stolichnayer/CVE-2025-70368 cve-icon cve-icon cve-icon
https://github.com/Worklenz/worklenz cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact