CVE-2025-68115 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflecte…
Medium CVSS: 5.3

CVE-2025-68115

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available in versions 8.6.1 and 9.1.0-alpha.3, escapes user controlled values that are inserted into the HTML pages. No known workarounds are available.
Vendor
Parseplatform
Product
Parse-server
CWE
CWE-79
Yayın Tarihi
2025-12-16 01:15:53
Güncelleme
2026-01-02 16:49:12
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-79 Parse-server MEDIUM Parseplatform 2025

Referanslar

https://github.com/parse-community/parse-server/pull/9985 https://github.com/parse-community/parse-server/pull/9986 https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv