CVE-2025-2495— Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2495
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Source: NVD (National Vulnerability Database)
Vulnerability Description
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the ‘/softdial/scheduler/load.php’ resource and can redirect the victim to malicious sites or steal their login information to spoof their identity.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sytel Softdial Contact Center(Sytel SCC) 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sytel Softdial Contact Center(Sytel SCC)是Sytel公司的一个云联络中心软件。 Sytel Softdial Contact Center(Sytel SCC)存在跨站脚本漏洞,该漏洞源于/softdial/scheduler/save.php资源存储型跨站脚本,可能导致重定向或身份欺骗。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Sytel Ltd | Softdial Contact Center | all versions | - |
II. Public POCs for CVE-2025-2495
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2495
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-2495 (1)
Same Patch Batch · Sytel Ltd · 2025-03-18 · 3 CVEs total
| CVE-2025-2493 | Path Traversal vulnerability in Softdial Contact Center | |
| CVE-2025-2494 | Unrestricted file upload vulnerability in Softdial Contact Center |
IV. Related Vulnerabilities
Same weakness: CWE-79
- CVE-2026-49044
WordPress Advanced Custom Fields: Font Awesome Field plugin - CVE-2026-49102
Webmin <2.640 XSS漏洞 - CVE-2026-47119
Agent Zero < 1.15 Stored XSS via image_get API Endpoint - CVE-2025-3633
IBM Cognos Analytics is affected by multiple security vulner - CVE-2026-42750
WordPress WPComplete plugin <= 2.9.5.4 - Cross Site Scriptin
V. Comments for CVE-2025-2495
No comments yet