exploitDog

CVE-2025-40730

Опубликовано: 28 июл. 2025

Источник: nvd

EPSS Низкий

Описание

HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-vox-medias-chorus-cms

EPSS

Процентиль: 17%

0.00054

Низкий

Дефекты

CWE-79

Связанные уязвимости

GHSA-m5fx-pj87-fhww

github

6 месяцев назад

HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

EPSS

Процентиль: 17%

0.00054

Низкий

Дефекты

CWE-79