admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-13 18:34:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-254xx/CVE-2025-25460.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

68 lines
2.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-25460",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-24T16:15:14.873",
"lastModified": "2025-02-24T17:15:13.900",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the \"Add Entry\" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the \"TextArea\" field in the blog entry submission form."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en FlatPress 1.3.1 dentro de la funci\u00f3n \"Add Entry\". Esta vulnerabilidad permite a los atacantes autenticados inyectar payloads de JavaScript maliciosos en las publicaciones del blog, que se ejecutan cuando otros usuarios ven las publicaciones. El problema surge debido a una depuraci\u00f3n incorrecta de la entrada del campo \"TextArea\" en el formulario de env\u00edo de entradas del blog."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/RoNiXxCybSeC0101/CVE-2025-25460",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/flatpressblog/flatpress",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/RoNiXxCybSeC0101/CVE-2025-25460",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}
Reference in New Issue View Git Blame Copy Permalink