Description

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions

Related CPE's

a

edubusinesssolutions

print_shop_pro_webdesk

18.34

Vulnerable

References

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550

ExploitThird Party Advisory

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550

ExploitThird Party Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-08T17:15:48.940Z

1 week ago

Last modified

2026-01-15T21:47:16.640Z

2 hours ago