CVE-2025-48076 | Galette up to 1.1.x group name cross site scripting

Inserito da Angelo Barbosa | Nov 4, 2025 | CVE

A vulnerability categorized as problematic has been discovered in Galette up to 1.1.x. The impacted element is an unknown function. The manipulation of the argument group name results in improper neutralization of alternate xss syntax.

This vulnerability is identified as CVE-2025-48076. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2025-48076 | Galette up to 1.1.x group name cross site scripting

Post correlati

CVE-2024-25604 | Liferay Portal/DXP User/Organizations Section authorization

CVE-2025-6934 | Opal Estate Pro Plugin up to 1.7.5 on WordPress on_regiser_user improper authentication

CVE-2025-7491 | PHPGurukul Vehicle Parking Management System 1.13 manage-outgoingvehicle.php del sql injection

CVE-2024-1568 | Seraphinite Accelerator Plugin up to 2.20.52 on WordPress OnAdminApi_HtmlCheck server-side request forgery