CVE-2025-40708 in OpenAtlas
Сводка
по MITRE • 29.08.2025
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/event" petition, "name" parameter.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.