Login Sign Up

CVE-2025-61549

6.1 MEDIUM
Cross-Site Scripting

📋 TL;DR

This Cross-Site Scripting (XSS) vulnerability in Print Shop Pro WebDesk allows attackers to inject malicious JavaScript via the LoginID parameter. When exploited, it can execute arbitrary code in victims' browsers, potentially stealing session cookies or performing unauthorized actions. Organizations using edu Business Solutions Print Shop Pro WebDesk version 18.34 are affected.

💻 Affected Systems

Products:
  • edu Business Solutions Print Shop Pro WebDesk
Versions: 18.34
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the /PSP/app/web/reg/reg_display.asp endpoint with LoginID parameter.

📦 What is this software?

Print Shop Pro Webdesk by Edubusinesssolutions

View all CVEs affecting Print Shop Pro Webdesk →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal administrator session cookies, gain full system access, and compromise sensitive data or deploy ransomware.

🟠

Likely Case

Attackers steal user session cookies to impersonate legitimate users and access their data.

🟢

If Mitigated

Proper input validation and output encoding prevent exploitation, limiting impact to failed attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS payloads can be delivered via phishing or malicious links; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Contact vendor for patch availability. 2. Apply vendor-provided patch. 3. Test in non-production environment first.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rule

all

Block malicious XSS payloads targeting the LoginID parameter.

WAF-specific configuration required

Input Validation Filter

windows

Implement server-side validation to sanitize LoginID input.

ASP code modification required

🧯 If You Can't Patch

  • Disable or restrict access to the /PSP/app/web/reg/reg_display.asp endpoint.
  • Implement Content Security Policy (CSP) headers to mitigate script execution.

🔍 How to Verify

Check if Vulnerable:

Test by injecting <script>alert('XSS')</script> into LoginID parameter and checking if script executes.

Check Version:

Check application version in admin interface or configuration files.

Verify Fix Applied:

Re-test with same payload; script should not execute and input should be properly encoded.

📡 Detection & Monitoring

Log Indicators:

  • Unusual long or script-like strings in LoginID parameter logs
  • Multiple failed login attempts with suspicious payloads

Network Indicators:

  • HTTP requests to reg_display.asp with script tags in parameters
  • Outbound connections to unknown domains after login attempts

SIEM Query:

source="web_logs" AND uri="/PSP/app/web/reg/reg_display.asp" AND (param="LoginID" AND value CONTAINS "<script>" OR "javascript:")

📊 Metadata

CVE ID: CVE-2025-61549
CVSS v3 Score: 6.1 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.03% exploit probability (9th percentile)
Published: January 8, 2026
Last Updated: January 16, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61549, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)