MidnightBSD

Advisories for compassplustechnologies

CVE-2025-66574

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

Products Affected

Vendor Product Version
compassplustechnologies tranzaxis 3.2.41.10.26