CVE-2025-60916

Medium CVSS: 5.4

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.

Vendor

Craws

Product

Openatlas

CWE

CWE-79

Yayın Tarihi

2025-11-24 16:15:50

Güncelleme

2025-11-28 16:22:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Openatlas MEDIUM Craws 2025

Referanslar

https://www.sec4you-pentest.com/schwachstelle/openatlas-schwachstelle-reflected-dom-based-xss-charge/ https://www.sec4you-pentest.com/schwachstellen/

Benzer Kayıtlar

Medium

CVE-2025-60917

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Insti…

Medium

CVE-2025-60914

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensit…

High

CVE-2025-60915

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allo…

Medium

CVE-2025-56423

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attac…

Medium

CVE-2025-40707

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultura…

Medium

CVE-2025-40708

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultura…