XSS in Akcess-net Lepszy Bip
CVE-2025-7761
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. Th…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (33.4th percentile) — read the EPSS interpretation.
Affected products
- Akcess-net Lepszy Bip — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)
Frequently asked questions
- What is CVE-2025-7761?
- CVE-2025-7761 is a vulnerability in Akcess-net Lepszy Bip, classified under Cross-site Scripting. Published 2025-08-14.
- Is CVE-2025-7761 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.