PatchSiren cyber security CVE debrief
CVE-2025-7760 Ofisimo Web-Based Software Technologies CVE debrief
CVE-2025-7760 is a high-severity vulnerability (CVSS score: 7.6) affecting Association Web Package Flora by Ofisimo Web-Based Software Technologies, in versions from v3.0 through 03022026. It allows cross-site scripting (XSS) through HTTP headers, potentially enabling attackers to inject malicious scripts into web pages viewed by other users.
- Vendor: Ofisimo Web-Based Software Technologies
- Product: Association Web Package Flora
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-03
- Original CVE updated: 2026-06-05
- Advisory published: 2026-02-03
- Advisory updated: 2026-06-05
Who should care
Users of Association Web Package Flora from Ofisimo Web-Based Software Technologies, particularly those running versions between v3.0 and 03022026, should be aware of this vulnerability and take action to mitigate the risk.
Technical summary
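The vulnerability is caused by improper neutralization of input during web page generation, allowing attackers to inject malicious scripts via HTTP headers. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H, which describes a network-reachable, low-complexity attack that requires low privileges and no user interaction, with low confidentiality and integrity impact and high availability impact.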
Defensive priority
HIGH
Recommended defensive actions
- Update to a version of Association Web Package Flora that is outside the affected range (from v3.0 through 03022026).
- Implement additional security measures to monitor and filter HTTP headers for potentially malicious input.
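The flaw class and the two defensive actions above, as an added example that is not code from the vendor or from this advisory: a header value copied into a page unescaped, the same page with output encoding, and a simple header check for monitoring. The advisory does not name the affected header, so `User-Agent`, the function names and the detection pattern are assumptions.

```python
import html
import re

# Assumed heuristic: markup characters and script-style tokens that ordinary
# header values do not need. Tune to local traffic before alerting on it.
SUSPICIOUS = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)


def flag_headers(headers):
    """Return the names of headers whose value looks like markup."""
    return sorted(name for name, value in headers.items()
                  if SUSPICIOUS.search(value))


def render_unsafe(headers):
    """The flaw class: a header value is copied into the page as-is."""
    return "<p>Your browser: " + headers.get("User-Agent", "") + "</p>"


def render_safe(headers):
    """The fix: neutralize at output time for the HTML context it lands in."""
    value = html.escape(headers.get("User-Agent", ""), quote=True)
    return "<p>Your browser: " + value + "</p>"


# Constructed sample requests (not captured traffic).
BENIGN = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
    "Referer": "https://example.org/",
}
TAINTED = {
    "User-Agent": "Mozilla/5.0 <script>alert(1)</script>",
    "Referer": "https://example.org/",
}

if __name__ == "__main__":
    for request in (BENIGN, TAINTED):
        print("flagged:", flag_headers(request))
        print("unsafe :", render_unsafe(request))
        print("safe   :", render_safe(request))
```

Filtering at the edge reduces noise and gives a detection signal, but the encoding in `render_safe` is what removes the injection point.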
Evidence notes
The vendor, Ofisimo Web-Based Software Technologies Association, was contacted early about this disclosure but did not respond.
Official resources
CVE-2025-7760 was published on 2026-02-03T13:15:54.163Z and last modified on 2026-06-05T13:16:34.150Z.