CVE-2025-46545 – Sherpa Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability

April 24, 2025

CVE ID : CVE-2025-46545

Published : April 25, 2025, 3:15 a.m. | 36 minutes ago

Description : In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

Next Article CVE-2025-46544 – Sherpa Orchestrator Privilege Escalation Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-46545 – Sherpa Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability

Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

CVE-2025-4734 – Campcodes Sales and Inventory System SQL Injection

atftp is a client/server implementation of the TFTP protocol

CVE-2024-56006 – Automattic Jetpack Debug Tools Missing Authorization Vulnerability

CVE-2025-3597 – Firelight Lightbox WordPress Plugin Cross-Site Scripting Vulnerability

CVE-2025-26842 – Znuny S/MIME Encryption Information Disclosure Vulnerability

Affordable 4o Image API for Fast Image Generation

Ubuntu 25.10 Switches to Rust-based sudo

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

CVE-2025-46545 – Sherpa Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability

Related Posts