{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T05:01:27.001","vulnerabilities":[{"cve":{"id":"CVE-2025-22274","sourceIdentifier":"cvd@cert.pl","published":"2025-02-28T13:15:28.067","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cvd@cert.pl","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer."},{"lang":"es","value":"Es posible inyectar código HTML en el contenido de la página mediante el campo \"contenido\" en la página \"Definición de la aplicación\". Este problema afecta a CyberArk Endpoint Privilege Manager en la versión SaaS 24.7.1. Se desconoce el estado de otras versiones. Después de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://cert.pl/en/posts/2025/02/CVE-2025-22270/","source":"cvd@cert.pl"},{"url":"https://cert.pl/posts/2025/02/CVE-2025-22270/","source":"cvd@cert.pl"},{"url":"https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm","source":"cvd@cert.pl"}]}}]}