AI description
Generated using AI and has not been reviewed by Intruder. May contain errors.
CVE-2025-23847 is a cross-site scripting (XSS) vulnerability found in the NotFound Site Launcher. This vulnerability stems from improper neutralization of user input during web page generation. Exploitation of this flaw allows for reflected XSS attacks. Vulnerable versions of Site Launcher range from n/a up to and including 0.9.4. A cross-site scripting vulnerability, like CVE-2025-23847, can allow attackers to inject malicious scripts into websites. These scripts can then be executed by unsuspecting users who visit the compromised site. The consequences of a successful XSS attack can vary, but often include session hijacking, cookie theft, redirection to malicious websites, and modification of website content.
- Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Site Launcher allows Reflected XSS. This issue affects Site Launcher: from n/a through 0.9.4.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 3.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
- Severity
- HIGH
- audit@patchstack.com
- CWE-79
- Hype score
- Not currently trending