CVE-2025-13584

low-risk

Published 2025-11-24

A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time_entry.description leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.1 is able to resolve this issue. The identifier of the patch is 7dec94c9d1f3e513e0ee38ba68caaba628e08582. Upgrading the affected component is advised.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / LOW complexity

References (7)

https://github.com/Eigenfocus/eigenfocus/commit/7dec94c9d1f3e513e0ee38ba68caaba6...

https://github.com/Eigenfocus/eigenfocus/pull/358

https://github.com/Eigenfocus/eigenfocus/releases/tag/v1.4.1-free

https://github.com/Stolichnayer/eigenfocus-stored-xss

https://vuldb.com/?ctiid.333348

https://vuldb.com/?id.333348

https://vuldb.com/?submit.699689

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal