CVE-2025-27800 (GCVE-0-2025-27800)
Vulnerability from cvelistv5 – Published: 2025-07-28 08:33 – Updated: 2025-11-03 19:46
VLAI?
Summary
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser.
The Admin dashboard offered the functionality to add gadgets to the dashboard.
This included the "Notes" gadget. An authenticated attacker with the corresponding
access rights (such as "WebAdmin") that was impersonating the victim could insert
malicious JavaScript code in these notes that would be executed if the victim
visited the dashboard.
Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3)
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Optimizely | Episerver Content Management System (CMS) |
Affected:
11.x , < 11.21.4
(custom)
Affected: 12.x , < 12.22.1 (custom) |
Credits
Kai Zimmermann, SEC Consult Vulnerability Lab
Felix Beie, SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T16:53:49.798098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:54:13.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:46:24.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Aug/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"EPiServer.CMS.Core"
],
"product": "Episerver Content Management System (CMS)",
"vendor": "Optimizely",
"versions": [
{
"lessThan": "11.21.4",
"status": "affected",
"version": "11.x",
"versionType": "custom"
},
{
"lessThan": "12.22.1",
"status": "affected",
"version": "12.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kai Zimmermann, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Felix Beie, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\u003cbr\u003e\n\n\u003c/span\u003e\u003cbr\u003eThe Admin dashboard offered the functionality to add gadgets to the dashboard.\nThis included the \"Notes\" gadget. An authenticated attacker with the corresponding\naccess rights (such as \"WebAdmin\") that was impersonating the victim could insert\nmalicious JavaScript code in these notes that would be executed if the victim\nvisited the dashboard.\u003cbr\u003e\u003cbr\u003eAffected products: Version 11.X: EPiServer.CMS.Core (\u0026lt;11.21.4) with EPiServer.CMS.UI (\u0026lt;11.37.5), Version 12.X: EPiServer.CMS.Core (\u0026lt;12.22.1) with EPiServer.CMS.UI (\u0026lt;11.37.3)\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\n\n\n\nThe Admin dashboard offered the functionality to add gadgets to the dashboard.\nThis included the \"Notes\" gadget. An authenticated attacker with the corresponding\naccess rights (such as \"WebAdmin\") that was impersonating the victim could insert\nmalicious JavaScript code in these notes that would be executed if the victim\nvisited the dashboard.\n\nAffected products: Version 11.X: EPiServer.CMS.Core (\u003c11.21.4) with EPiServer.CMS.UI (\u003c11.37.5), Version 12.X: EPiServer.CMS.Core (\u003c12.22.1) with EPiServer.CMS.UI (\u003c11.37.3)"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T09:36:10.631Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#"
},
{
"tags": [
"patch"
],
"url": "https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/optimizely"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vendor already provides a security patch (updated packages) which should be \ninstalled immediately.\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "The vendor already provides a security patch (updated packages) which should be \ninstalled immediately."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-27800",
"datePublished": "2025-07-28T08:33:24.304Z",
"dateReserved": "2025-03-07T06:46:34.308Z",
"dateUpdated": "2025-11-03T19:46:24.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27800\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2025-07-28T09:15:34.387\",\"lastModified\":\"2025-11-03T20:18:07.050\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\\n\\n\\n\\nThe Admin dashboard offered the functionality to add gadgets to the dashboard.\\nThis included the \\\"Notes\\\" gadget. An authenticated attacker with the corresponding\\naccess rights (such as \\\"WebAdmin\\\") that was impersonating the victim could insert\\nmalicious JavaScript code in these notes that would be executed if the victim\\nvisited the dashboard.\\n\\nAffected products: Version 11.X: EPiServer.CMS.Core (\u003c11.21.4) with EPiServer.CMS.UI (\u003c11.37.5), Version 12.X: EPiServer.CMS.Core (\u003c12.22.1) with EPiServer.CMS.UI (\u003c11.37.3)\"},{\"lang\":\"es\",\"value\":\"Episerver Content Management System (CMS) by Optimizely se vio afectado por m\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) almacenado. Esto permiti\u00f3 que un atacante autenticado ejecutara c\u00f3digo JavaScript malicioso en el navegador de la v\u00edctima. El panel de administraci\u00f3n permit\u00eda a\u00f1adir gadgets, incluido el gadget \\\"Notes\\\". Un atacante autenticado con los permisos de acceso correspondientes (como \\\"WebAdmin\\\") que se hiciera pasar por la v\u00edctima pod\u00eda insertar c\u00f3digo JavaScript malicioso en estas notas, que se ejecutar\u00eda si la v\u00edctima visitaba el panel. Productos afectados: Versi\u00f3n 11.X: EPiServer.CMS.Core (\u0026lt;11.21.4) con EPiServer.CMS.UI (\u0026lt;11.37.5), Versi\u00f3n 12.X: EPiServer.CMS.Core (\u0026lt;12.22.1) con EPiServer.CMS.UI (\u0026lt;11.37.3).\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://r.sec-consult.com/optimizely\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Aug/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2025/Aug/18\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:46:24.615Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27800\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-28T16:53:49.798098Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-28T16:53:57.236Z\"}}], \"cna\": {\"title\": \"Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kai Zimmermann, SEC Consult Vulnerability Lab\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Felix Beie, SEC Consult Vulnerability Lab\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 4.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Optimizely\", \"modules\": [\"EPiServer.CMS.Core\"], \"product\": \"Episerver Content Management System (CMS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.x\", \"lessThan\": \"11.21.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.x\", \"lessThan\": \"12.22.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor already provides a security patch (updated packages) which should be \\ninstalled immediately.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vendor already provides a security patch (updated packages) which should be \\ninstalled immediately.\u003cbr\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://api.nuget.optimizely.com/packages/episerver.cms.core/11.21.4#\", \"tags\": [\"patch\"]}, {\"url\": \"https://api.nuget.optimizely.com/packages/episerver.cms.core/12.22.1#\", \"tags\": [\"patch\"]}, {\"url\": \"https://r.sec-consult.com/optimizely\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\\n\\n\\n\\nThe Admin dashboard offered the functionality to add gadgets to the dashboard.\\nThis included the \\\"Notes\\\" gadget. An authenticated attacker with the corresponding\\naccess rights (such as \\\"WebAdmin\\\") that was impersonating the victim could insert\\nmalicious JavaScript code in these notes that would be executed if the victim\\nvisited the dashboard.\\n\\nAffected products: Version 11.X: EPiServer.CMS.Core (\u003c11.21.4) with EPiServer.CMS.UI (\u003c11.37.5), Version 12.X: EPiServer.CMS.Core (\u003c12.22.1) with EPiServer.CMS.UI (\u003c11.37.3)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim\u0027s browser.\u003cbr\u003e\\n\\n\u003c/span\u003e\u003cbr\u003eThe Admin dashboard offered the functionality to add gadgets to the dashboard.\\nThis included the \\\"Notes\\\" gadget. An authenticated attacker with the corresponding\\naccess rights (such as \\\"WebAdmin\\\") that was impersonating the victim could insert\\nmalicious JavaScript code in these notes that would be executed if the victim\\nvisited the dashboard.\u003cbr\u003e\u003cbr\u003eAffected products: Version 11.X: EPiServer.CMS.Core (\u0026lt;11.21.4) with EPiServer.CMS.UI (\u0026lt;11.37.5), Version 12.X: EPiServer.CMS.Core (\u0026lt;12.22.1) with EPiServer.CMS.UI (\u0026lt;11.37.3)\u003cbr\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2025-07-29T09:36:10.631Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27800\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:46:24.615Z\", \"dateReserved\": \"2025-03-07T06:46:34.308Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2025-07-28T08:33:24.304Z\", \"assignerShortName\": \"SEC-VLab\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…