Security Advisory

CVE-2025-1420

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-21 13:04:23

Last updated 2025-05-21 13:24:17

Assigner CERT-PL

State PUBLISHED

Description

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

← Browse all CVEs View on cve.org ↗