- Description
- The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the `jobid` parameter in its HTTP response without proper HTML encoding or sanitization. When a victim visits a specially crafted URL pointing to this endpoint, arbitrary JavaScript code can be executed in their browser context. The vulnerability occurs because the CGI script directly outputs the query string parameters into the HTML response without escaping HTML special characters. An attacker can inject malicious JavaScript code through the `jobid` parameter which will be executed when rendered by the victim's browser. Commit 7a5ae1a contains a fix for the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 5.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2025-25189 🟠 MEDIUM (5.5) 🏢 ZOO-Project - ZOO-Project 🏗️ < 7a5ae1a 🔗 https://t.co/pPVQAmC9nD 🔗 https://t.co/4W9fQzTmmk #CyberCron #VulnAlert https://t.co/U399gM0Pua
@cybercronai
12 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25189 The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.p… https://t.co/bl9JkBBwgT
@CVEnew
10 Feb 2025
421 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes