CVE-2025-30092
📋 TL;DR
This vulnerability allows cross-site scripting (XSS) attacks in Intrexx Portal Server through multiple Velocity scripts. Attackers can inject malicious scripts that execute in users' browsers when viewing affected pages. Organizations running vulnerable versions of Intrexx Portal Server are affected.
💻 Affected Systems
- Intrexx Portal Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or deface the portal interface.
Likely Case
Attackers steal session cookies or authentication tokens to hijack user sessions and gain unauthorized access to portal functions.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before reaching users' browsers.
🎯 Exploit Status
XSS vulnerabilities typically require user interaction or social engineering to trigger, but exploitation is technically straightforward once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.0.3 and 11.9.3
Vendor Advisory: https://security.intrexx.com/en/security-advisories/ixsa-20250310-02/
Restart Required: Yes
Instructions:
1. Download the latest version from the Intrexx customer portal. 2. Backup your current installation. 3. Apply the update following Intrexx upgrade procedures. 4. Restart the portal server.
🔧 Temporary Workarounds
Input Validation Filter
allImplement server-side input validation to sanitize user input before processing by Velocity scripts.
Content Security Policy
allImplement strict Content Security Policy headers to restrict script execution sources.
Add 'Content-Security-Policy: script-src 'self'' to HTTP headers
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to detect and block XSS payloads
- Disable or restrict access to affected Velocity script functionality if not required
🔍 How to Verify
Check if Vulnerable:
Check the portal version in the administration interface or by examining the installation directory version files.Check Version:
Check the version.txt file in the Intrexx installation directory or use the portal administration interface.Verify Fix Applied:
Verify the portal version shows 12.0.3 or higher, or 11.9.3 or higher after patching.📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in request parameters
- Multiple failed XSS attempts in web server logs
Network Indicators:
- HTTP requests containing suspicious script patterns or encoded payloads
SIEM Query:
web_requests WHERE (url CONTAINS '<script' OR parameters CONTAINS 'javascript:' OR parameters CONTAINS 'onload=' OR parameters CONTAINS 'onerror=')