Security Advisory

CVE-2025-66040

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-26 23:14:44

Last updated 2025-11-28 15:25:40

Assigner GitHub_M

State PUBLISHED

Description

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the users browser during OAuth authentication. This issue has been patched in version 2.25.2.

← Browse all CVEs View on cve.org ↗