Bitdefender SecurePass Psono-Client Cross-Site Scripting Vulnerability
Vulnerability
A Cross-Site Scripting (XSS) vulnerability exists in the Psono-Client component of Bitdefender SecurePass. The issue arises from improper sanitization of the URL field in vault entries of the types website_password and bookmark. An attacker can create a malicious vault entry whose URL field contains a javascript: URL, or persuade a user to create or import such an entry. When the user interacts with the entry, the application executes the embedded JavaScript in the context of the Psono vault. Successful exploitation could allow access to the user's password vault and the sensitive information stored in it.
Impact
Exploitation of this vulnerability enables Cross-Site Scripting, allowing an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially accessing sensitive data in the user's password vault.
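A defender-side check for the URL field described above, added here as an example and not code from Psono or Bitdefender. The entry shape ({ type, url }), the function names and the http/https allow-list are assumptions; the point is that scheme filtering must run on the parser-normalised URL, not on the raw string.

```javascript
// Scheme allow-list for URLs that the client will render as links or open.
// ASSUMPTION: http/https is the only scheme a vault entry legitimately needs.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Entry types that carry a URL field (the two named in the advisory).
const URL_BEARING_TYPES = new Set(["website_password", "bookmark"]);

// Illustrative weak check (not Psono's actual code): an exact, lower-case
// prefix match misses "JavaScript:", leading whitespace or embedded tabs.
function naiveIsSafeUrl(url) {
  return !url.startsWith("javascript:");
}

// Hardened check: let the WHATWG URL parser normalise the input (it strips
// leading C0 controls, removes embedded tabs/newlines and lower-cases the
// scheme), then allow-list the resulting scheme. Returns the normalised URL
// or null when the entry must be rejected.
function sanitizeEntryUrl(rawUrl) {
  if (typeof rawUrl !== "string") return null;
  let parsed;
  try {
    parsed = new URL(rawUrl); // throws on relative or scheme-less input
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Validate one vault entry before it is stored, imported or rendered.
function validateEntry(entry) {
  if (!URL_BEARING_TYPES.has(entry.type)) return { ok: true, url: null };
  const url = sanitizeEntryUrl(entry.url);
  return { ok: url !== null, url };
}

// Constructed sample entries (not real vault data).
const SAMPLE_ENTRIES = [
  { type: "website_password", url: "https://mail.example.test/login" },
  { type: "bookmark", url: "javascript:alert(1)" },
  { type: "bookmark", url: "JaVaScRiPt:alert(1)" },          // case-obfuscated
  { type: "bookmark", url: "\tjava\nscript:alert(1)" },      // control chars
  { type: "website_password", url: "data:text/html,<b>x</b>" },
];

function auditEntries(entries) {
  return entries.map((e) => ({ type: e.type, ...validateEntry(e) }));
}

for (const r of auditEntries(SAMPLE_ENTRIES)) {
  console.log(r.ok ? "accept" : "reject", r.type, r.url);
}
```

Only the first sample entry is accepted; the naive prefix check would have let the second, third and fourth through.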
