CVE-2025-40702
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/file" petition, "creator" and "license_holder" parameters.
Vendor
Product
CWE
Yayın Tarihi
2025-08-29 12:15:30
Güncelleme
2025-09-02 16:59:58
Source Identifier
cve-coordination@incibe.es
KEV Date Added
-