CVE-2025-67558 is a stored Cross-site Scripting (XSS) vulnerability identified in the Jacques Malgrange Rencontre web application, affecting all versions up to and including 3.13.7. This vulnerability stems from improper neutralization of input during web page generation, meaning that user-supplied data is not adequately sanitized or encoded before being embedded into web pages. As a result, an attacker with at least low privileges can inject malicious JavaScript code that is stored persistently on the server and executed in the browsers of other users who view the affected pages. The CVSS 3.1 vector indicates network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. The impact metrics show low confidentiality (C:L), integrity (I:L), and availability (A:L) impacts, reflecting the potential for data leakage, manipulation, or service disruption. No patches or known exploits are currently documented, but the vulnerability's nature makes it a significant risk for web applications handling sensitive user data or authentication sessions. The stored XSS can facilitate session hijacking, credential theft, or distribution of malware through the affected web interface.

For European organizations using the Jacques Malgrange Rencontre platform, this vulnerability poses a risk of unauthorized script execution in users' browsers, potentially leading to session hijacking, theft of sensitive information, or defacement of web content. The impact extends to confidentiality, integrity, and availability of the affected systems and data. Organizations in sectors such as online dating, social networking, or any service relying on Rencontre for user interaction are particularly vulnerable. Exploitation could undermine user trust and lead to regulatory compliance issues under GDPR due to potential personal data exposure. The medium severity rating indicates that while the vulnerability is not critical, it can still cause significant harm if leveraged by attackers, especially in environments with privileged users or high-value targets. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.

European organizations should immediately audit their Rencontre installations to identify affected versions (<=3.13.7) and prioritize upgrading to patched versions once available. In the absence of official patches, implement strict input validation and output encoding on all user-supplied data to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Conduct regular security assessments and penetration testing focused on XSS vulnerabilities. Educate users about the risks of interacting with suspicious content and monitor logs for unusual activity indicative of exploitation attempts. Additionally, consider deploying Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting Rencontre. Finally, maintain an incident response plan to quickly address any exploitation events.