CVE-2025-40709 in OpenAtlasinformación

Resumen

por MITRE • 2025-08-29

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/person/” petition, "name" and "alias-0” parameters.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

INCIBE

Reservar

2025-04-16

Divulgación

2025-08-29

Moderación

aceptado

Artículo

VDB-321910

CPE

listo

EPSS

0.00201

KEV

no

Actividades

muy bajo

Fuentes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!