MEDIUM🇵🇱 Wersja polska

CVE-2025-0709

CVSS 5.1v4.0pub. 2025-01-24upd. 2025-05-07

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Dcatadmin Dcat Admin

    APP
    Dcatadmin
    2.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-65656CRITICAL9.8PL ✓ten sam produkt

File inclusion w Dcat Admin — zdalne wykonanie kodu bez uwierzytelnienia

CVE-2024-54774MEDIUM4.8ten sam produkt

Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.

CVE-2024-54775MEDIUM4.8ten sam produkt

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/men...

CVE-2024-29644MEDIUM6.1ten sam produkt

Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitr...

CVE-2023-33736MEDIUM5.4ten sam produkt

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitr...