- Description
- A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 3.5
- Impact score
- 1.4
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Secondary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
- cna@vuldb.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-2124 MEDIUM (5.1) Control iD - RH iD 25.2.25.0 https://t.co/sWf2fFlAGr https://t.co/V0MoV6oanE https://t.co/KUQZfWvFKr https://t.co/r0u2HfmL7j #CyberCron #VulnAlert #InfoSec https://t.co/xb19yZo4A6
@cybercronai
10 Mar 2025
CVE-2025-2124 Cross-Site Scripting in Control iD RH iD 25.2.25.0 API Password Change Endpoint https://t.co/Aev4CZ4xPW
@VulmonFeeds
9 Mar 2025
CVE-2025-2124 A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change… https://t.co/GXdVljZ6Ha
@CVEnew
9 Mar 2025