Impact
The NightWolf Penetration Testing Platform is vulnerable to stored cross‑site scripting. This weakness allows an attacker to insert malicious script into data fields stored within the platform. When a legitimate user views the affected content, the script executes in the user's browser, enabling the attacker to steal session cookies, hijack user sessions, deface the interface, or perform other client‑side actions. The vulnerability results from unsanitized input leading to improper encoding of output.
Affected Systems
The vulnerability affects the NightWolf Penetration Testing Platform developed by FPT Software. The advisory does not list specific versions, so any deployment of the platform that accepts user input and subsequently displays that data to users is potentially impacted.
Risk and Exploitability
The CVSS score of 6.3 indicates moderate severity, reflecting a medium base score that balances the likelihood of exploitation with the potential impact on confidentiality, integrity, and availability. Because an EPSS score is unavailable, the precise exploitation probability remains uncertain. The vulnerability is not cataloged in CISA’s KEV list, suggesting no known active exploitation. The attack vector typically involves an attacker submitting malicious payload into a stored field; the attacker must possess sufficient privileges to create or edit that data, and subsequent users who view the data will become victims.
OpenCVE Enrichment