CVE-2025-66574

UNKNOWN 0.0

TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

14th

TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges.

CWE	CWE-79
Vendor	compass plustechologies
Product	tranzaxis
Published	Dec 4, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for compass plustechologies tranzaxis

Be the first to know when new unknown vulnerabilities affecting compass plustechologies tranzaxis are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Compass Plustechologies / TranzAxis

3.2.41.10.26

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52086 compassplustechnologies.com: https://compassplustechnologies.com/ vulncheck.com: https://www.vulncheck.com/advisories/tranzaxis-32411026-stored-cross-site-scripting-xss

Credits

ABABANK REDTEAM