CVE-2025-4512 | Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7 /astre/iodasweb/app.jsp action cross site scripting

Inserito da Angelo Barbosa | Mag 9, 2025 | CVE

A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads to cross site scripting.

This vulnerability is traded as CVE-2025-4512. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4512 | Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7 /astre/iodasweb/app.jsp action cross site scripting

Post correlati

CVE-2023-51321 | PHPJabbers Night Club Booking Software 1.0 Forgot Password denial of service

CVE-2024-31467 | Aruba InstantOS/ArubaOS PAPI buffer overflow (ARUBA-PSA-2024-006)

CVE-2024-45652 | IBM Maximo Asset Management 7.6.1.3 API path traversal

CVE-2024-39678 | XjSv Cooked Plugin up to 1.7.15.4 on WordPress cross-site request forgery (GHSA-pp3h-ghxf-r9pc)