Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Kubysoft: Malicious scripts can be injected through user input
CVE-2025-59904
Summary
A vulnerability in Kubysoft allows attackers to inject malicious code into the system, which can be executed when other users access the affected resource. This could potentially allow an attacker to steal sensitive information or take control of user sessions. To protect against this, update to the latest version of Kubysoft or apply the recommended patches.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| kubysoft | kubysoft | All versions | – |
Original title
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and exe...
Original description
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource.
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026