CVE-2025-51053

Medium CVSS: 6.1

A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.

Vendor

Vedo Suite Project

Product

Vedo Suite

CWE

CWE-79

Yayın Tarihi

2025-08-06 21:15:29

Güncelleme

2025-10-09 17:35:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Vedo Suite MEDIUM Vedo Suite Project 2025

Referanslar

http://bottinelli.com https://github.com/jacopoaugelli/vedo-suite-exploits

Benzer Kayıtlar

High

CVE-2025-51055

Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 202…

High

CVE-2025-51056

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write t…

Medium

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read a…

Medium

CVE-2025-51058

Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/pr…

Medium

CVE-2025-51052

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem…

Medium

CVE-2025-51054

Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privi…