ГлавнаяУязвимости → CVE-2025-25477
8.1высокая

CVE-2025-25477

Описание

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.

Затрагиваемое ПО
Syspass Syspass
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Источники
https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25477