Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46545

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.

Published

2025-04-25T03:15:20.110

Last Modified

2025-10-15T18:30:33.500

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sherparpa	sherpa_orchestrator	141851	Yes

References

https://deiteriy.com Not Applicable ([email protected])
https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7 Third Party Advisory ([email protected])
https://sherparpa.com Product ([email protected])
https://twitter.com/ArtyomBrylev Not Applicable ([email protected])