Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Kubysoft: Malicious Script Injection in Node Procedures
CVE-2025-59905
Summary
Kubysoft's node procedure endpoint can inject malicious scripts into users' browsers, allowing attackers to steal sensitive info or take control of user sessions. This happens when malicious data is passed to certain parameters in the endpoint URL. Affected users should update to the latest version of Kubysoft to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| kubysoft | kubysoft | All versions | – |
Original title
Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbit...
Original description
Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the victim's browser.
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 16 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026