CVE-2025-5412 | Mist Community Edition up to 4.7.1 Authentication Endpoint src/mist/api/views.py login return_to cross site scripting

Inserito da Angelo Barbosa | Mag 31, 2025 | CVE

A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting.

This vulnerability is traded as CVE-2025-5412. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5412 | Mist Community Edition up to 4.7.1 Authentication Endpoint src/mist/api/views.py login return_to cross site scripting

Post correlati

CVE-2024-47924 | Boa cross site scripting

CVE-2025-32815 | Infoblox NETMRI up to 7.6.0 hard-coded credentials

CVE-2024-32040 | FreeRDP up to 2.11.5/3.4.x NSC Codec integer underflow (GHSA-23c5-cp23-h2h5)

CVE-2023-49949 | Passwork up to 6.1.x 2FA improper authentication