Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by Vanderlande
CVE-2025-11308 (GCVE-0-2025-11308)
Vulnerability from cvelistv5 – Published: 2025-10-05 22:32 – Updated: 2025-10-06 16:07
VLAI?
Title
Vanderlande Baggage 360 messages cross site scripting
Summary
A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vanderlande | Baggage 360 |
Affected:
7.0.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11308",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T16:07:20.458182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:07:23.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md#http-proof-of-concept-poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Baggage 360",
"vendor": "Vanderlande",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "YasserREED (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Vanderlande Baggage 360 7.0.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /api-addons/v1/messages. Durch das Beeinflussen des Arguments Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-05T22:32:05.623Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327189 | Vanderlande Baggage 360 messages cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327189"
},
{
"name": "VDB-327189 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327189"
},
{
"name": "Submit #662216 | Vanderlande OpenAIR - Baggage 360 v7.0.0 Cross-Site Scripting (XSS) Stored",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.662216"
},
{
"tags": [
"related"
],
"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md#http-proof-of-concept-poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-05T07:59:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "Vanderlande Baggage 360 messages cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11308",
"datePublished": "2025-10-05T22:32:05.623Z",
"dateReserved": "2025-10-05T05:54:04.599Z",
"dateUpdated": "2025-10-06T16:07:23.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}