Skip to main content

CVE-2025-30630: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pozzad Global Translator

Medium
VulnerabilityCVE-2025-30630cvecve-2025-30630cwe-79
Published: Fri Jun 06 2025 (06/06/2025, 12:54:22 UTC)
Source: CVE Database V5
Vendor/Project: pozzad
Product: Global Translator

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator allows Stored XSS. This issue affects Global Translator: from n/a through 2.0.2.

AI-Powered Analysis

AILast updated: 07/08/2025, 06:41:37 UTC

Technical Analysis

CVE-2025-30630 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) affecting the pozzad Global Translator software up to version 2.0.2. Stored XSS occurs when malicious input is persistently stored by the application and later rendered in web pages without proper sanitization or encoding, allowing attackers to execute arbitrary JavaScript in the context of other users' browsers. This vulnerability enables an attacker with authenticated access (as indicated by the CVSS vector requiring privileges and user interaction) to inject malicious scripts that can compromise confidentiality, integrity, and availability of user sessions. The CVSS score of 5.9 reflects a medium severity, with network attack vector, low attack complexity, but requiring privileges and user interaction, and a scope change indicating that the vulnerability affects components beyond the initially vulnerable one. Exploitation could lead to data leakage (confidentiality impact), modification of displayed content or user actions (integrity impact), and potential disruption of service or user experience (availability impact). No public exploits are currently known, and no patches have been linked yet, which suggests that organizations using this software should proactively monitor for updates and consider mitigation strategies. The vulnerability affects all versions up to 2.0.2, with no specific earliest affected version noted. The vulnerability was published on June 6, 2025, and reserved in March 2025, indicating recent discovery and disclosure.

Potential Impact

For European organizations using pozzad Global Translator, this vulnerability poses a risk primarily to web application security and user data integrity. Stored XSS can be leveraged to hijack user sessions, steal sensitive information such as authentication tokens, or perform unauthorized actions on behalf of users. In environments where Global Translator is integrated into business workflows, such as translation services for internal or client communications, exploitation could lead to leakage of confidential information or manipulation of translated content, potentially impacting business operations and compliance with data protection regulations like GDPR. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially in organizations with many users or where credentials may be compromised. Additionally, the scope change in the CVSS vector suggests that the vulnerability could affect multiple components or services, increasing potential impact. The lack of known exploits in the wild reduces immediate risk but should not lead to complacency. European organizations must consider the reputational and regulatory consequences of a successful attack, especially in sectors handling sensitive or personal data.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the Global Translator application to trusted users and networks, minimizing the number of users with privileges required to exploit this vulnerability. 2. Implement strict input validation and output encoding on all user-supplied data within the application, particularly focusing on areas where user input is stored and later rendered in web pages. 3. Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS by restricting the execution of unauthorized scripts. 4. Monitor application logs and user activity for unusual behavior indicative of XSS exploitation attempts. 5. Since no patches are currently linked, maintain close communication with the vendor for timely updates and apply patches immediately upon release. 6. Conduct security awareness training for users to recognize phishing or social engineering attempts that could lead to credential compromise. 7. Consider deploying Web Application Firewalls (WAF) with rules tailored to detect and block XSS payloads targeting this application. 8. Review and harden authentication mechanisms to prevent unauthorized access that could facilitate exploitation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-03-24T13:01:06.201Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6842eddb71f4d251b5c87f97

Added to database: 6/6/2025, 1:32:11 PM

Last enriched: 7/8/2025, 6:41:37 AM

Last updated: 8/3/2025, 4:24:17 AM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats