Security Advisory

CVE-2025-11687

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-26 19:36:28
Last updated 2026-01-26 21:02:29
Assigner redhat
State PUBLISHED

Description

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).