CVE-2025-0424

Published Feb 18, 2025

Last updated 10 months ago

CVSS medium 5.1

Overview

Description
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their session using an "Authenticated Stored Cross-Site Scripting". Those other users might have more privileges than the attacker, enabling a form of horizontal movement.
Source
vulnerability@ncsc.ch
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

vulnerability@ncsc.ch
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2025-0424 In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An … https://t.co/5MokAwEQTt

    @CVEnew

    18 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.