exploitDog

CVE-2025-60917

Опубликовано: 24 нояб. 2025

Источник: nvd

CVSS3: 4.6

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.

Ссылки

https://www.sec4you-pentest.com/schwachstelle/openatlas-schwachstelle-xss-in-farb-feldern-ort/
Third Party Advisory
https://www.sec4you-pentest.com/schwachstellen/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craws:openatlas:*:*:*:*:*:*:*:*

Версия до 8.12.0 (включая)

EPSS

Процентиль: 14%

0.00045

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-pfqv-7pgg-f6v4

CVSS3: 4.6

github

3 месяца назад

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.

EPSS

Процентиль: 14%

0.00045

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-79