Home / Vulnerability Intelligence / CVE-2025-69606

CVE-2025-69606 - Vulnerability Analysis

MediumCVSS: 6.1

Last Updated: May 1, 2026

GSVoIP - Stored XSS

Published: May 1, 2026Updated: May 1, 2026PoC AvailableRemote Exploitable

Overview

GSVoIP web panel 2.0.90 contains a stored XSS caused by improper sanitization of the "msg" parameter in /painel/gateways.php/error, letting remote attackers execute arbitrary JavaScript via crafted URLs, exploit requires victim interaction.

Severity & Score

Severity: Medium

CVSS Score: 6.1

Impact

Remote attackers can execute arbitrary JavaScript in victim browsers, leading to session hijacking or phishing.

Mitigation

Update to the latest version that patches this vulnerability.

References

https://sip2.solutionsvoip.com.br/painel/gateways.php/error?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
https://www.solutionsvoip.com.br/
https://github.com/Razielx64/CVE-2025-69606-GSVoIP-XSS

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-69606
Severity: Medium
CVSS Score: 6.1
Type: stored_xss
Status: new

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N