CVE-2025-40709

Medium CVSS: 5.1

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/person/<ID>” petition, "name" and "alias-0” parameters.

Vendor

Craws

Product

Openatlas

CWE

CWE-79

Yayın Tarihi

2025-08-29 12:15:32

Güncelleme

2025-09-02 13:31:57

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-79 Openatlas MEDIUM Craws 2025

Referanslar

https://github.com/craws/OpenAtlas https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-cross-site-scripting-xss-vulnerabilities-openatlas-acdh-ch

Benzer Kayıtlar

Medium

CVE-2025-60917

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Insti…

Medium

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensit…

High

CVE-2025-60915

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allo…

Medium

CVE-2025-60916

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Insti…

Medium

CVE-2025-56423

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attac…

Medium

CVE-2025-40707

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultura…