exploitDog

CVE-2025-25476

Опубликовано: 28 фев. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component.

Ссылки

https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25476
Exploit
Third Party Advisory
https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25476
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:syspass:syspass:*:*:*:*:*:*:*:*

Версия от 3.2.0 (включая) до 3.2.11 (включая)

EPSS

Процентиль: 21%

0.0007

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-f7qf-3422-vc6q

CVSS3: 5.4

github

11 месяцев назад

A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component.

EPSS

Процентиль: 21%

0.0007

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79