CVE-2025-41021 – Stored Cross-Site Scripting (XSS) vulnerability in Sergestec’s Exito

CVE ID : CVE-2025-41021

Published : Oct. 16, 2025, 8:15 a.m. | 25 minutes ago

Description : Stored Cross-Site Scripting (XSS) in Sergestec’s Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the ‘obs’ parameter in ‘/admin/index.php?action=product_update’. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…