CVE-2025-65640: Stored XSS in Arket Globe Document Intelligence 5.0.0.559
Arket Globe Document Intelligence version 5.0.0.559 contains a reflected cross-site scripting (XSS) vulnerability in the "Task in Progress / Recent" page. An authenticated attacker can inject malicious JavaScript into document creation fields that will execute in the browsers of other users viewing that page, potentially allowing session hijacking, credential theft, or other malicious actions performed on behalf of those users.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
- Weaknesses (CWE)
- CWE-79
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-04 / 2026-06-17
NVD description (verbatim)
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript code within these fields, the application fails to properly sanitize or escape the content. As a result, the injected script is executed when the page is rendered, allowing the attacker to execute arbitrary JavaScript in the context of other users' browsers who view the affected page.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from insufficient input validation and output encoding in the document creation workflow. When users submit text containing JavaScript payloads to specific fields on the "Task in Progress / Recent" page, the application fails to sanitize or HTML-escape the content before rendering it in the DOM. This allows attacker-controlled script tags or event handlers to execute with the security context of legitimate users' sessions. The flaw is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation).
Business impact
Exploitation enables attackers with valid credentials to compromise other users' sessions and perform unauthorized actions within the application. Potential impacts include unauthorized document access or modification, credential harvesting through phishing overlays, lateral movement within the organization, or exfiltration of sensitive intelligence data processed by the Document Intelligence platform. The attack requires prior authentication but does not require administrator privileges, making it accessible to any legitimate user account.
Affected systems
Arket Globe Document Intelligence version 5.0.0.559 is confirmed vulnerable. Organizations running this specific build should assume exposure. Verify your installed version against this build number; later patches may already address this issue, but earlier versions should be assessed as potentially vulnerable as well pending vendor guidance.
Exploitability
Exploitability is moderately straightforward. The attack requires valid credentials (reducing opportunistic risk) but does not require social engineering of victims—the malicious document simply needs to be viewable by target users. No special browser plugins or client-side vulnerabilities are needed; standard XSS payloads suffice. The attack vector is network-accessible, and the vulnerability can be reliably triggered by submitting structured payloads to the document creation interface.
Remediation
Contact Arket Globe to obtain a patched version of Document Intelligence. Verify the availability and contents of any security updates released after the CVE publication date (2026-06-04). Implement comprehensive input validation and output encoding in all user-facing forms and rendering logic to eliminate XSS attack surface.
Patch guidance
Check the Arket Globe security advisories and support portal for patches issued on or after 2026-06-17 (the vulnerability modification date). Patches should be applied to all instances of Document Intelligence in your environment. Prior to patching, consider restricting access to the affected application or disabling the document creation feature if operationally feasible. Test patches in a non-production environment before deployment.
Detection guidance
Monitor for XSS-like payloads in document creation requests (e.g., script tags, event handler attributes, JavaScript URIs). Review access logs and document audit trails for suspicious new documents created by low-privileged or external users. Perform manual review of recently created documents for embedded JavaScript or encoded payloads. Deploy web application firewalls configured to detect and block common XSS patterns in POST requests to the vulnerable endpoint.
Why prioritize this
Medium severity due to the requirement for valid authentication and the need for victims to view the malicious document. However, the combination of high confidentiality impact (credential and data theft) with low barrier to exploitation among authenticated users warrants prompt patching. Organizations with large user bases or sensitive document repositories should escalate priority.
Risk score, explained
The CVSS 3.1 score of 6.3 reflects a network-accessible vulnerability requiring valid credentials (PR:L) and user interaction (UI:R) to trigger. The high confidentiality impact (C:H) reflects the ability to steal session tokens or sensitive data; the limited integrity impact (I:L) reflects that the attacker modifies document display rather than underlying data. Availability is not affected (A:N).
Frequently asked questions
Do I need administrative access to exploit this vulnerability?
No. Any authenticated user account can inject XSS payloads into document creation fields. This makes the vulnerability accessible to lower-privileged staff or external users with legitimate credentials.
What versions of Arket Globe Document Intelligence are affected?
Version 5.0.0.559 is confirmed vulnerable. Consult Arket Globe advisories to determine the full range of affected versions and the minimum patched version.
Can this vulnerability be exploited without tricking users into clicking something?
The attacker must create a document containing the malicious payload, but other users simply need to view that document for the script to execute. No additional phishing or social engineering is required once the document exists.
How does this differ from stored vs. reflected XSS?
This is a stored XSS vulnerability because the malicious payload persists within the document and executes every time any user views that document, rather than being reflected in a single response.
This analysis is based on the CVE description and CVSS assessment as of 2026-06-17. No exploit code or proof-of-concept is provided. Organizations should verify patch availability and applicability with Arket Globe directly. This vulnerability intelligence does not constitute a guarantee of security or compliance. Always conduct thorough testing before deploying patches in production environments. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2019-25731MEDIUMStored XSS in Zuz Music 2.1 Contact Form
- CVE-2019-25737MEDIUMStored XSS in Live Chat Unlimited 2.8.3 – Admin Session Compromise
- CVE-2019-25739MEDIUMGigToDo 1.3 Stored XSS Vulnerability in Proposal Descriptions
- CVE-2019-25742MEDIUMStored XSS in Zoner Real Estate WordPress Theme 4.1.1 – Admin Account Compromise Risk
- CVE-2019-25743MEDIUMWordPress Soliloquy Lite 2.5.6 Stored XSS Vulnerability
- CVE-2019-25744MEDIUMWordPress Popup Builder 3.49 Stored XSS Vulnerability – Exploit Prevention & Patch Guide
- CVE-2025-14042MEDIUMStored XSS in Automotive Car Dealership Business WordPress Theme 13.4.1