Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-2361

Опубликовано: 17 мар. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 4.3

Описание

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 39%
0.00176
Низкий

5 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-2361

CVSS3: 4.3
nvd
10 месяцев назад

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

debian логотип

CVE-2025-2361

CVSS3: 4.3
debian
10 месяцев назад

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has ...

suse-cvrf логотип

SUSE-SU-2025:1054-1

suse-cvrf
10 месяцев назад

Security update for mercurial

github логотип

GHSA-4hg3-3xxj-v749

CVSS3: 4.3
github
10 месяцев назад

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

fstec логотип

BDU:2025-08597

CVSS3: 4.3
fstec
10 месяцев назад

Уязвимость программного средства управления версиями Mercurial, связаная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнять атаки с использованием межсайтового скриптинга (XSS)

EPSS

Процентиль: 39%
0.00176
Низкий

5 Medium

CVSS2

4.3 Medium

CVSS3