A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting.

This vulnerability is traded as CVE-2025-5412. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.