cbcvebase.
CVE-2025-6923
published 2025-12-09

CVE-2025-6923: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This…

PriorityP423medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
EPSS
0.15%
5.0th percentile
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957.

Affected

10 ranges
VendorProductVersion rangeFixed in
msrcazl3_python3_3.12.3-3_on_azure_linux_3.0
msrcazl3_python3_3.12.3-5_on_azure_linux_3.0
msrcazl3_tensorflow_2.16.1-9_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_python3_3.9.19-13_on_cbl_mariner_2.0
msrccbl2_python3_3.9.19-8_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
talent_softwareunis< 4295742957

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.