Security Advisory

CVE-2025-40708

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-29 11:18:03

Last updated 2025-08-29 13:44:55

Assigner INCIBE

State PUBLISHED

Description

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/event" petition, "name" parameter.

← Browse all CVEs View on cve.org ↗