CVE-2025-1888
CVE-2025-1888
Título es
CVE-2025-1888
Vie, 14/03/2025 – 17:15
Tipo
CWE-79
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-1888
Descripción en
The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.
14/03/2025
14/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
4.60
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
https://blog.blacklanternsecurity.com/p/cve-2025-1888reflected-xss-in-aperio
Enviar en el boletín
Off
