Security Advisory

CVE-2025-36558

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-01 18:44:22

Last updated 2025-05-02 12:48:13

Assigner icscert

State PUBLISHED

Description

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an sso_token, that script will reply to the user and be executed.

← Browse all CVEs View on cve.org ↗