- Advisory ID: CV_2025_06_3
- Issued: 2025-06-06
- Updated: 2025-06-06
A specific section of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality ensures a secure and seamless user experience.
Although the user input is not validated in the report creation, these scripts are not executed when the report is run. As a result, there is no actual impact from the injection attempts, and the functionality remains secure for end users.
Acknowledgments:
We thank NCIA researchers for responsibly disclosing this issue.
CVSS Score: 0.0
Impacted Products
This vulnerability does not affect Commvault products.
Resolution
None