exploitDog

CVE-2025-40709

Опубликовано: 29 авг. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/person/” petition, "name" and "alias-0” parameters.

Ссылки

https://github.com/craws/OpenAtlas
Product
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-cross-site-scripting-xss-vulnerabilities-openatlas-acdh-ch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craws:openatlas:8.9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rrcr-6rg5-cgmj

CVSS3: 5.4

github

5 месяцев назад

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/person/<ID>” petition, "name" and "alias-0” parameters.

EPSS

Процентиль: 9%

0.00032

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79