CVE-2025-5412 | Mist Community Edition up to 4.7.1 Authentication Endpoint src/mist/api/views.py login return_to cross site scripting

Inserito da Angelo Barbosa | Mag 31, 2025 | CVE

A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting.

This vulnerability is traded as CVE-2025-5412. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5412 | Mist Community Edition up to 4.7.1 Authentication Endpoint src/mist/api/views.py login return_to cross site scripting

Post correlati

CVE-2024-0448 | Livemesh Elementor Addons Plugin up to 8.3.1 on WordPress cross site scripting

CVE-2024-2051 | Schneider Electric Easergy T200 excessive authentication (SEVD-2024-072-01)

CVE-2024-12654 | FabulaTech USB over Network 6.0.6.1 IOCT ftusbbus2.sys 0x220408 null pointer dereference

CVE-2023-41170 | NetScout nGeniusONE 6.3.4 cross site scripting