Security Advisory

CVE-2025-68115

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-16 00:56:23

Last updated 2025-12-16 21:20:24

Assigner GitHub_M

State PUBLISHED

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Servers password reset and email verification HTML pages. The patch, available in versions 8.6.1 and 9.1.0-alpha.3, escapes user controlled values that are inserted into the HTML pages. No known workarounds are available.

← Browse all CVEs View on cve.org ↗