This vulnerability (CVE-2025-31407) affects hutsixdigital Tiger through version 2.0 and involves CWE-79: improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). An attacker could inject malicious scripts that are stored by the application and later executed in the context of other users' browsers, potentially leading to information disclosure, session hijacking, or other impacts. The CVSS vector indicates the attack requires network access, low attack complexity, privileges, and user interaction, with partial impact on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to partial confidentiality, integrity, and availability impacts. This could include theft of user credentials, session tokens, or manipulation of displayed content. However, no known exploits are currently reported in the wild.

No official patch or remediation is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should consider applying input validation or output encoding workarounds if feasible and exercise caution with user-generated content.