exploitDog

CVE-2025-40700

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.

Ссылки

https://governalia.es/
Product
US Government Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-governalia-idi-eikon
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:idieikon:governalia:*:*:*:*:*:*:*:*

Версия до 1274 (исключая)

EPSS

Процентиль: 21%

0.00067

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2345-773c-9xg5

CVSS3: 6.1

github

2 месяца назад

Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.

EPSS

Процентиль: 21%

0.00067

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79