FKIE_CVE-2025-1271

Vulnerability from fkie_nvd - Published: 2025-02-13 13:15 - Updated: 2025-02-13 13:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.
References
cve-coordination@incibe.eshttps://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Reflected Cross-Site Scripting (XSS) in Anapi Group\u0027s h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user."
    },
    {
      "lang": "es",
      "value": "Cross-Site Scripting (XSS) Reflejado en h6web de Anapi Group. Esta falla de seguridad podr\u00eda permitir a un atacante inyectar c\u00f3digo JavaScript malicioso en una URL. Cuando un usuario accede a esa URL, el c\u00f3digo inyectado se ejecuta en su navegador, lo que puede provocar el robo de informaci\u00f3n confidencial, robo de identidad o la ejecuci\u00f3n de acciones no autorizadas por parte del usuario afectado."
    }
  ],
  "id": "CVE-2025-1271",
  "lastModified": "2025-02-13T13:15:09.433",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "cve-coordination@incibe.es",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-13T13:15:09.433",
  "references": [
    {
      "source": "cve-coordination@incibe.es",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web"
    }
  ],
  "sourceIdentifier": "cve-coordination@incibe.es",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cve-coordination@incibe.es",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.