CVE-2025-5352 | lunary-ai lunary up to 1.9.24 Analytics NEXT_PUBLIC_CUSTOM_SCRIPT cross site scripting

Inserito da Angelo Barbosa | Ago 23, 2025 | CVE

A vulnerability categorized as problematic has been discovered in lunary-ai lunary up to 1.9.24. Affected is an unknown function of the component Analytics Component. The manipulation of the argument NEXT_PUBLIC_CUSTOM_SCRIPT results in cross site scripting.

This vulnerability is known as CVE-2025-5352. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2025-5352 | lunary-ai lunary up to 1.9.24 Analytics NEXT_PUBLIC_CUSTOM_SCRIPT cross site scripting

Post correlati

CVE-2023-7055 | PHPGurukul Online Notes Sharing System 1.0 Contact Information /user/profile.php mobilenumber access control

CVE-2024-10220 | Kubernetes up to 1.28.11/1.29.6/1.30.2 gitRepo Volume Privilege Escalation

CVE-2024-40508 | openPetra 2023.02 serverMConference.asmx cross site scripting

CVE-2024-47241 | Dell Secure Connect Gateway 5.24.00.14 certificate validation (dsa-2024-407)