CVE-2025-30630 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) affecting the pozzad Global Translator software up to version 2.0.2. Stored XSS occurs when malicious input is persistently stored by the application and later rendered in web pages without proper sanitization or encoding, allowing attackers to execute arbitrary JavaScript in the context of other users' browsers. This vulnerability enables an attacker with authenticated access (as indicated by the CVSS vector requiring privileges and user interaction) to inject malicious scripts that can compromise confidentiality, integrity, and availability of user sessions. The CVSS score of 5.9 reflects a medium severity, with network attack vector, low attack complexity, but requiring privileges and user interaction, and a scope change indicating that the vulnerability affects components beyond the initially vulnerable one. Exploitation could lead to data leakage (confidentiality impact), modification of displayed content or user actions (integrity impact), and potential disruption of service or user experience (availability impact). No public exploits are currently known, and no patches have been linked yet, which suggests that organizations using this software should proactively monitor for updates and consider mitigation strategies. The vulnerability affects all versions up to 2.0.2, with no specific earliest affected version noted. The vulnerability was published on June 6, 2025, and reserved in March 2025, indicating recent discovery and disclosure.

For European organizations using pozzad Global Translator, this vulnerability poses a risk primarily to web application security and user data integrity. Stored XSS can be leveraged to hijack user sessions, steal sensitive information such as authentication tokens, or perform unauthorized actions on behalf of users. In environments where Global Translator is integrated into business workflows, such as translation services for internal or client communications, exploitation could lead to leakage of confidential information or manipulation of translated content, potentially impacting business operations and compliance with data protection regulations like GDPR. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially in organizations with many users or where credentials may be compromised. Additionally, the scope change in the CVSS vector suggests that the vulnerability could affect multiple components or services, increasing potential impact. The lack of known exploits in the wild reduces immediate risk but should not lead to complacency. European organizations must consider the reputational and regulatory consequences of a successful attack, especially in sectors handling sensitive or personal data.

1. Immediate mitigation should include restricting access to the Global Translator application to trusted users and networks, minimizing the number of users with privileges required to exploit this vulnerability. 2. Implement strict input validation and output encoding on all user-supplied data within the application, particularly focusing on areas where user input is stored and later rendered in web pages. 3. Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS by restricting the execution of unauthorized scripts. 4. Monitor application logs and user activity for unusual behavior indicative of XSS exploitation attempts. 5. Since no patches are currently linked, maintain close communication with the vendor for timely updates and apply patches immediately upon release. 6. Conduct security awareness training for users to recognize phishing or social engineering attempts that could lead to credential compromise. 7. Consider deploying Web Application Firewalls (WAF) with rules tailored to detect and block XSS payloads targeting this application. 8. Review and harden authentication mechanisms to prevent unauthorized access that could facilitate exploitation.