Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by Partner Software
CVE-2025-6078 (GCVE-0-2025-6078)
Vulnerability from cvelistv5 – Published: 2025-08-02 02:15 – Updated: 2025-11-03 20:06
VLAI
Title
CVE-2025-6078
Summary
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Partner Software | Partner Web |
Affected:
4.32 , < 4.32.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T14:15:49.200812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T14:17:02.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:49.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/317469"
},
{
"url": "https://www.kb.cert.org/vuls/id/317469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Partner Web",
"vendor": "Partner Software",
"versions": [
{
"lessThan": "4.32.2",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Partner Software\u0027s Partner Software application and Partner Web application allows an authenticated user to add notes on the \u0027Notes\u0027 page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T02:15:55.155Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://partnersoftware.com/resources/software-release-info-4-32/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-6078",
"x_generator": {
"engine": "VINCE 3.0.21",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-6078"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-6078",
"datePublished": "2025-08-02T02:15:55.155Z",
"dateReserved": "2025-06-13T15:20:26.334Z",
"dateUpdated": "2025-11-03T20:06:49.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6077 (GCVE-0-2025-6077)
Vulnerability from cvelistv5 – Published: 2025-08-02 02:15 – Updated: 2025-11-03 20:06
VLAI
Title
CVE-2025-6077
Summary
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Partner Software | Partner Web |
Affected:
4.32 , < 4.32.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:47:31.685397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:48:27.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:47.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/317469"
},
{
"url": "https://www.kb.cert.org/vuls/id/317469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Partner Web",
"vendor": "Partner Software",
"versions": [
{
"lessThan": "4.32.2",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Partner Software\u0027s Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1391",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T02:15:45.052Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://partnersoftware.com/resources/software-release-info-4-32/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-6077",
"x_generator": {
"engine": "VINCE 3.0.21",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-6077"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-6077",
"datePublished": "2025-08-02T02:15:45.052Z",
"dateReserved": "2025-06-13T15:18:43.511Z",
"dateUpdated": "2025-11-03T20:06:47.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6076 (GCVE-0-2025-6076)
Vulnerability from cvelistv5 – Published: 2025-08-02 02:15 – Updated: 2025-11-03 20:06
VLAI
Title
CVE-2025-6076
Summary
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Partner Software | Partner Web |
Affected:
4.32 , < 4.32.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T14:00:45.636018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T14:02:00.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:46.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/317469"
},
{
"url": "https://www.kb.cert.org/vuls/id/317469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Partner Web",
"vendor": "Partner Software",
"versions": [
{
"lessThan": "4.32.2",
"status": "affected",
"version": "4.32",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Partner Software\u0027s Partner Software application and Partner Web application do not sanitize files uploaded on the \"reports\" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T02:15:31.536Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://partnersoftware.com/resources/software-release-info-4-32/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-6076",
"x_generator": {
"engine": "VINCE 3.0.21",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-6076"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-6076",
"datePublished": "2025-08-02T02:15:31.536Z",
"dateReserved": "2025-06-13T15:17:17.314Z",
"dateUpdated": "2025-11-03T20:06:46.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}