exploitDog

CVE-2025-60916

Опубликовано: 24 нояб. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.

Ссылки

https://www.sec4you-pentest.com/schwachstelle/openatlas-schwachstelle-reflected-dom-based-xss-charge/
Third Party Advisory
https://www.sec4you-pentest.com/schwachstellen/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craws:openatlas:*:*:*:*:*:*:*:*

Версия до 8.12.0 (включая)

EPSS

Процентиль: 20%

0.00064

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-33pc-42rm-x55v

CVSS3: 5.4

github

3 месяца назад

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.

EPSS

Процентиль: 20%

0.00064

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79