# CVE-2025-45778
CVE-2025-45778: Authenticated Stored XSS.

An authenticated stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary JavaScript or HTML code via injecting a crafted payload into the "Description" text field when creating a new project.

<img width="1501" height="709" alt="image" src="https://github.com/user-attachments/assets/122f17b9-5783-4021-b900-f5d943b8cecc" />

Once the payload is injected, every time that a user opens the page it will trigger the payload.

<img width="840" height="279" alt="image" src="https://github.com/user-attachments/assets/36dbefad-2f5e-439f-82a6-988db973ead7" />

A simple payload such as `<script>alert('XSS')</script>` is enough to trigger the Stored XSS vulnerability.

The vendor is aware of the vulnerability and authorized the publication of this article.

# Credits for discovery
Ivan Carlos Oliveira (smarttfoxx), Filipe Ortega (Lain), Rogerio Josef Massouh (V01)