CVE-2025-64030: n/a
Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers.
AI Analysis
Technical Summary
CVE-2025-64030 is a stored cross-site scripting vulnerability affecting Eximbills Enterprise version 4.1.5, specifically through the /EximBillWeb/servlets/WSTrxManager endpoint. The vulnerability stems from improper sanitization of the TMPL_INFO parameter, which accepts user input that is stored on the server and subsequently rendered in web pages viewed by other authenticated users. This flaw allows an attacker with valid credentials to inject malicious JavaScript code that executes in the browsers of other users who access the affected pages. The attack requires the attacker to be authenticated (PR:L) and involves user interaction (UI:R), as victims must view the malicious content for the script to execute. The CVSS v3.1 base score is 5.4, reflecting a medium severity with network attack vector (AV:N), low attack complexity (AC:L), and partial impact on confidentiality and integrity (C:L, I:L), but no impact on availability (A:N). The vulnerability could be exploited to steal session tokens, perform actions on behalf of other users, or manipulate displayed data, potentially leading to further compromise within the application context. No patches or known exploits are currently reported, indicating the need for proactive mitigation. The vulnerability is categorized under CWE-79, a common and well-understood class of web application security issues.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to confidentiality and integrity of user sessions and data within Eximbills Enterprise environments. Attackers with valid credentials could exploit the flaw to execute arbitrary scripts in other users' browsers, potentially leading to session hijacking, unauthorized actions, or data manipulation. This can undermine trust in billing and financial systems, disrupt business operations, and expose sensitive financial information. Although availability is not directly impacted, the indirect effects of compromised data integrity and confidentiality could lead to regulatory compliance issues under GDPR and financial regulations. Organizations relying on Eximbills Enterprise for billing or financial management should consider the potential reputational and operational risks, especially in sectors with stringent data protection requirements such as banking, insurance, and public services.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement strict input validation and output encoding on the TMPL_INFO parameter to prevent injection of malicious scripts. Employ a web application firewall (WAF) with rules targeting stored XSS patterns specific to Eximbills Enterprise endpoints. Limit user privileges to the minimum necessary to reduce the risk of authenticated attackers injecting malicious content. Monitor logs and user activity for unusual behavior indicative of XSS exploitation attempts. Since no official patches are currently available, consider isolating or restricting access to the vulnerable endpoint and educating users about the risks of interacting with untrusted content within the application. Additionally, implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regularly review vendor communications for updates or patches addressing this vulnerability.
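The first two recommendations above (input validation on TMPL_INFO, output encoding when it is rendered) and the CSP header can be shown concretely. The block below is an added illustration, not Eximbills Enterprise code or anything from the vendor: it models a stored free-text field with an allowlist check at submit time, HTML encoding at render time, a restrictive Content-Security-Policy, and an audit helper that flags already-stored rows that would not pass the allowlist (useful while no patch exists). All function names, the allowlist pattern, the length limit and the sample rows are assumptions constructed for the example.

```python
import html
import re
from typing import Dict, List, Tuple

# Hypothetical policy for a template-description field: plain text only.
# The 256-character limit and the character class are constructed choices.
TMPL_INFO_MAX_LEN = 256
_TMPL_INFO_ALLOWED = re.compile(r"^[\w .,:;()/-]{1,%d}$" % TMPL_INFO_MAX_LEN)


class ValidationError(ValueError):
    """Raised when a submitted TMPL_INFO value falls outside the allowlist."""


def validate_tmpl_info(value: str) -> str:
    """Input validation at the storage boundary (first line of defence).

    Rejects anything that is not a plain-text description, so markup never
    reaches the database in the first place.
    """
    if not isinstance(value, str) or not _TMPL_INFO_ALLOWED.fullmatch(value):
        raise ValidationError("TMPL_INFO contains characters outside the allowlist")
    return value


def encode_for_html(value: str) -> str:
    """Output encoding for an HTML element body or quoted attribute.

    html.escape with quote=True encodes < > & " and ', so a stored value is
    rendered as text even if validation was bypassed or the row predates it.
    """
    return html.escape(value, quote=True)


def render_template_row(stored_tmpl_info: str) -> str:
    """Render a stored value the way a listing page should: encoded, never raw."""
    return '<td class="tmpl-info">%s</td>' % encode_for_html(stored_tmpl_info)


def csp_header() -> Tuple[str, str]:
    """A Content-Security-Policy that disallows inline scripts.

    Without 'unsafe-inline', an injected <script> block or on* handler does not
    execute even if both encoding and validation fail. Constructed policy.
    """
    policy = ("default-src 'self'; script-src 'self'; "
              "object-src 'none'; base-uri 'self'")
    return ("Content-Security-Policy", policy)


def audit_stored_rows(rows: Dict[str, str]) -> List[str]:
    """Return the ids of stored rows whose TMPL_INFO fails the allowlist.

    Intended as a one-off check of existing data before the validation rule
    is enforced, so previously stored markup can be reviewed and cleaned.
    """
    flagged = []
    for row_id, tmpl_info in rows.items():
        try:
            validate_tmpl_info(tmpl_info)
        except ValidationError:
            flagged.append(row_id)
    return flagged


if __name__ == "__main__":
    # Constructed sample rows: one plain description, one containing markup.
    sample_rows = {
        "T-1001": "Invoice template (EUR)",
        "T-1002": '<b onmouseover="x">Customer template</b>',
    }
    print("rows needing review:", audit_stored_rows(sample_rows))
    for row_id, tmpl_info in sample_rows.items():
        print(row_id, render_template_row(tmpl_info))
    print("%s: %s" % csp_header())
```

Validation and encoding are independent controls: the allowlist stops new markup from being stored, while encoding at render time protects readers from rows that were stored before the rule existed. The CSP is the backstop for the case where both are bypassed; it has to be served on the pages that render TMPL_INFO, not only on the servlet that accepts it.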
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692dacd15a8d386a3dc7783e
Added to database: 12/1/2025, 2:57:21 PM
Last enriched: 12/8/2025, 4:03:41 PM
Last updated: 1/18/2026, 1:41:21 AM
Views: 67