CVE-2025-65640

medium

Description

Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript code within these fields, the application fails to properly sanitize or escape the content. As a result, the injected script is executed when the page is rendered, allowing the attacker to execute arbitrary JavaScript in the context of other users' browsers who view the affected page.

References

https://www.arket.it/

https://github.com/vincenzo-emanuele/CVE-2025-65640

Details

Source: Mitre, NVD

Published: 2026-06-04

Updated: 2026-06-05

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00032