CVE-2025-54890: Cross-Site Scripting (XSS) Stored
CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-54890
Summary
A user with elevated privileges can inject XSS in the Hostgroups configuration page.
Impact
- Session hijacking: Stealing cookies or authentication tokens to impersonate users.
- Credential theft: Harvesting usernames and passwords using malicious scripts.
- Malware delivery: Distributing unwanted or harmful code to victims.
- Privilege escalation: Compromising administrative users through persistent scripts.
- Data manipulation or defacement: Changing or disrupting site content.
- Reputation damage: Eroding trust among site users and administrators.
Reference
Finder
By: CVE-Hunters