← back
CVE-2025-65640

CVE-2025-65640

CVSS 6.3 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (10 stars) — exploitation code widely available.
CVSS 6.3EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
28 May 2026Public PoC
04 Jun 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript code within these fields, the application fails to properly sanitize or escape the content. As a result, the injected script is executed when the page is rendered, allowing the attacker to execute arbitrary JavaScript in the context of other users' browsers who view the affected page.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.