CVE-2025-10909

Опубликовано: 24 сент. 2025

Источник: nvd

CVSS3: 2.4

CVSS3: 2.1

CVSS2: 3.3

EPSS Низкий

Описание

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Ссылки

https://karinagante.github.io/cve-2025-10909/
https://karinagante.github.io/cve-2025-10909/#proof-of-concept-poc
https://vuldb.com/?ctiid.325696
https://vuldb.com/?id.325696
https://vuldb.com/?submit.651379

EPSS

Процентиль: 1%

0.00012

Низкий

2.4 Low

CVSS3

2.1 Low

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4c44-r8rm-3p39

CVSS3: 2.4

github

5 месяцев назад

Mangati NovoSGA XSS vulnerability in /admin

EPSS

Процентиль: 1%

0.00012

Низкий

2.4 Low

CVSS3

2.1 Low

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79