PatchSiren cyber security CVE debrief

CVE-2025-65640 Arket CVE debrief

A Cross Site Scripting (XSS) vulnerability exists in the 'Task in Progress / Recent' page of Arket Globe Document Intelligence 5.0.0.559. The vulnerability is caused by improper sanitization of user input in text fields when creating a new document. An authenticated attacker can submit data containing JavaScript code within these fields, which is then executed when the page is rendered, allowing the attacker to execute arbitrary JavaScript in the context of other users' browsers who view the affected page.

Vendor: Arket
Product: Globe Document Intelligence
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-04
Original CVE updated: 2026-06-05
Advisory published: 2026-06-04
Advisory updated: 2026-06-05

Who should care

Users of Arket Globe Document Intelligence 5.0.0.559, particularly those who create documents and authenticated users who view the 'Task in Progress / Recent' page.

Technical summary

The application fails to properly sanitize or escape user-input content, leading to the execution of injected scripts when the page is rendered.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the XSS vulnerability.
  • Implement proper input validation and sanitization for user-supplied data in text fields.
  • Use Content Security Policy (CSP) to define which sources of content are allowed to be executed within a web page.
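
The last two actions, shown as an added example that is not Arket's code or part of the original advisory: a stored document field rendered into a task-list row without and with output encoding, plus a restrictive CSP header value as defence in depth. All function names, the record layout and the sample data are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical names and data, not taken from the affected product.

// HTML-escape a value for element content or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak pattern: stored fields are concatenated into the markup as-is,
// so markup saved at document creation is parsed by every viewer's browser.
function renderTaskRowUnsafe(doc) {
  return `<tr><td title="${doc.title}">${doc.title}</td><td>${doc.notes}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time,
// regardless of what validation ran when the document was created.
function renderTaskRowSafe(doc) {
  const title = escapeHtml(doc.title);
  return `<tr><td title="${title}">${title}</td><td>${escapeHtml(doc.notes)}</td></tr>`;
}

// CSP header value: scripts only from the application's own origin,
// which also blocks inline script if an encoding gap is missed.
function cspHeaderValue() {
  return ["default-src 'self'", "script-src 'self'", "object-src 'none'", "base-uri 'none'"].join('; ');
}

// Regression check: does rendered markup still contain a raw script tag?
function containsRawScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample record standing in for a newly created document.
const sampleDoc = { title: 'Q3 "draft"', notes: '<script>alert(1)</script>' };

console.log('unsafe:', renderTaskRowUnsafe(sampleDoc));
console.log('safe:  ', renderTaskRowSafe(sampleDoc));
console.log('Content-Security-Policy: ' + cspHeaderValue());
```

Encoding at render time is the primary fix; the CSP only limits impact where an encoding gap remains.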

Evidence notes

The CVE-2025-65640 vulnerability has a CVSS score of 6.3 and is classified as MEDIUM severity.

Official resources

CVE-2025-65640 was published on 2026-06-04T19:16:25.620Z and modified on 2026-06-05T16:04:48.437Z.