CVE-2025-40708 in OpenAtlasالمعلومات

الملخص

بحسب MITRE • 29/08/2025

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/event" petition, "name" parameter.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

مسؤول

INCIBE

حجز

16/04/2025

إفشاء

29/08/2025

الاعتدال

تمت الموافقة

إدخال

VDB-321909

EPSS

0.00201

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you know our Splunk app?

Download it now for free!