
Vulnerability-Lookup
Description
The Vulnerability-Lookup software is a powerful sharing platform to assist security teams, researchers, and system administrators in identifying and tracking vulnerabilities related to specific vendors and products. By leveraging known vulnerability databases, sightings, and configurations, the software provides users with accurate and up-to-date insights into security risks.
Product name
vulnerability-lookup
Related organizations
Computer Incident Response Center Luxembourg
Vulnerability-Lookup
cve-2025-32413
Vulnerability from
Published
2025-04-08 00:00
Modified
2025-04-08 14:52
Severity
EPSS score
Summary
Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py.
References
Impacted products
Vendor | Product | Version |
---|---|---|
CIRCL | Vulnerability-Lookup | Version: 0 ≤ |
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32413",
                "options": [
                  { "Exploitation": "none" },
                  { "Automatable": "no" },
                  { "Technical Impact": "partial" }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T14:28:55.601560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T14:52:10.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vulnerability-Lookup",
          "vendor": "CIRCL",
          "versions": [
            {
              "lessThan": "2.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T02:27:52.326Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        { "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0a120af1de4a0a13bc2e2000f3c4639291122ba0" },
        { "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/compare/v2.7.0...v2.7.1" }
      ],
      "x_generator": { "engine": "enrichogram 0.0.1" }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-32413",
    "datePublished": "2025-04-08T00:00:00.000Z",
    "dateReserved": "2025-04-08T00:00:00.000Z",
    "dateUpdated": "2025-04-08T14:52:10.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}