CVE-2025-69993 | Leaflet up to 1.9.4 bindPopup cross site scripting

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability labeled as problematic has been found in Leaflet up to 1.9.4. This affects the function bindPopup. Such manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-69993. The attack can be launched remotely. No exploit exists.

CVE-2025-69993 | Leaflet up to 1.9.4 bindPopup cross site scripting

Post correlati

CVE-2025-50582 | StudentManage 1.0 Add A New Course Module cross site scripting

CVE-2024-45133 | Adobe Commerce up to 2.4.7-p2/2.4.6-p7/2.4.5-p9/2.4.4-p10 access control (apsb24-73)

CVE-2025-12346 | MaxSite CMS up to 109 HTTP Header uploads-require-maxsite.php X-Requested-FileName/X-Requested-FileUpDir unrestricted upload

CVE-2024-11153 | codeatlantic Content Control Plugin up to 2.5.0 on WordPress information disclosure