CVE-2025-61550 is a stored Cross-Site Scripting (XSS) vulnerability identified in edu Business Solutions Print Shop Pro WebDesk version 18.34. The vulnerability exists in the ctl00_Content01_fieldValue parameter of the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint. This parameter accepts user-supplied input that is stored and subsequently rendered in HTML pages without proper output encoding or sanitization, violating secure coding practices and CWE-79 standards. As a result, attackers can inject arbitrary JavaScript code that persists in the application and executes in the context of other users' sessions when they view the affected pages. The vulnerability requires low attack complexity (AC:L), network vector (AV:N), privileges (PR:L), and user interaction (UI:R), with a scope change (S:C) indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity (C:L/I:L) but not availability (A:N). Although no known exploits are currently in the wild, the vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed on behalf of legitimate users. The issue was addressed in version 19.69 of the software, which presumably includes proper input validation and output encoding to prevent script injection. The vulnerability was published on January 8, 2026, and was reserved on September 26, 2025.

For European organizations using edu Business Solutions Print Shop Pro WebDesk version 18.34 or earlier, this vulnerability can lead to persistent XSS attacks that compromise user sessions and data confidentiality. Attackers can exploit this flaw to steal session cookies, perform actions on behalf of authenticated users, or deliver further malware payloads. This can result in unauthorized access to sensitive print job data, manipulation of print orders, or exposure of internal workflows. Given that print management software often integrates with enterprise systems and handles sensitive documents, the integrity and confidentiality risks are significant. The medium CVSS score reflects moderate impact, but the scope change indicates potential for broader compromise within affected environments. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure. European organizations in sectors such as government, education, and manufacturing that rely on this software for document processing are particularly vulnerable. Failure to patch may also lead to regulatory compliance issues under GDPR if personal data is exposed.

1. Upgrade immediately to edu Business Solutions Print Shop Pro WebDesk version 19.69 or later, where the vulnerability is fixed. 2. Implement strict input validation on all user-supplied data, especially the ctl00_Content01_fieldValue parameter, to reject or sanitize potentially malicious content. 3. Apply proper output encoding (e.g., HTML entity encoding) when rendering user input in web pages to prevent script execution. 4. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. 5. Conduct regular security audits and code reviews focusing on input handling and output encoding practices. 6. Educate users about the risks of clicking on suspicious links or interacting with untrusted content within the application. 7. Monitor logs and web traffic for unusual activity that may indicate attempted exploitation. 8. Isolate the print management system within a segmented network zone to limit lateral movement if compromised. 9. Consider implementing Web Application Firewalls (WAF) with rules to detect and block XSS payloads targeting the vulnerable endpoint.