CVE-2025-40705

Sažetak

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/acquisition" petition, "name" parameter.

Reference

https://github.com/craws/OpenAtlas
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-cross-site-scripting-xss-vulnerabilities-openatlas-acdh-ch

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

29-08-2025 - 16:24

Objavljeno

29-08-2025 - 12:15