CVE-2025-48051

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

EPSS Низкий

Описание

powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML.

Ссылки

https://github.com/lichess-org/lila/blob/7b82f35d15f9113ac8a0a9271d34bef4f6119e9f/ui/site/src/powertip.ts#L60
Product
https://github.com/lichess-org/lila/commit/ab0beaf0ad671761705d9274663c5dc450608527
Patch
https://github.com/lichess-org/lila/security/advisories/GHSA-9xhx-p3c5-p4v6
Exploit
Vendor Advisory
https://github.com/lichess-org/lila/security/advisories/GHSA-9xhx-p3c5-p4v6
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lichess:powertip.ts:*:*:*:*:*:*:*:*

Версия до 2025-03-27 (исключая)

EPSS

Процентиль: 18%

0.00057

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-chv9-fg26-xg8h

CVSS3: 4.7

github

9 месяцев назад

powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML.

EPSS

Процентиль: 18%

0.00057

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79