exploitDog

CVE-2025-40706

Опубликовано: 29 авг. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/source" petition, "name" parameter.

Ссылки

https://github.com/craws/OpenAtlas
Product
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-cross-site-scripting-xss-vulnerabilities-openatlas-acdh-ch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craws:openatlas:8.9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00053

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-28g2-5g7h-g9v7

github

3 месяца назад

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/source" petition, "name" parameter.

EPSS

Процентиль: 17%

0.00053

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79