CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-40702

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/file" petition, "creator" and "license_holder" parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/craws/OpenAtlas
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-cross-site-scripting-xss-vulnerabilities-openatlas-acdh-ch

Products affected by CVE-2025-40702

Craws » Openatlas » Version: 8.9.0

cpe:2.3:a:craws:openatlas:8.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-40702

Products

Pricing

Contact Us