# OpenNebula-CVE-2025-56537
**Exploit Title :** OpenNebula 6.10.0.1 - Stored XSS (Cross-site Scripting) in virtual network template
**Exploit Author :** Mark Artamonov
**Vendor Homepage :** https://opennebula.io/
**Tested Version :** OpenNebula 6.10.0.1
**Affected Versions :** OpenNebula < 7.0
**Affected Component :** opennebula-sunstone
**CVE ID :** CVE-2025-56537
### **Description:**
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the virtual network template parameter.
### **Payload :**
```
<image src =q onerror=prompt(8)>
```
## **Proof of Concept :**
<img width="1063" height="645" alt="image" src="https://github.com/user-attachments/assets/6d19c255-500f-4280-8802-ac993157334a" />
<br>
<img width="1190" height="750" alt="image" src="https://github.com/user-attachments/assets/bb89b5f8-4f3f-4da9-a2a8-2256f7e7c420" />
### **Fix :**
Upgrade to OpenNebula >=7.0.
----------------
# OpenNebula-CVE-2025-56536
**Exploit Title :** OpenNebula 6.10.0.1 - Stored XSS (Cross-site Scripting) in user information
**Exploit Author :** Mark Artamonov
**Vendor Homepage :** https://opennebula.io/
**Tested Version :** OpenNebula 6.10.0.1
**Affected Versions :** OpenNebula < 7.0
**Affected Component :** opennebula-sunstone
**CVE ID :** CVE-2025-56536
### **Description:**
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the user information parameter.
### **Payload :**
```
<image src =q onerror=prompt(8)>
```
## **Proof of Concept :**
<img width="1779" height="694" alt="image" src="https://github.com/user-attachments/assets/b493d771-441d-4b17-9915-164d30bd89e9" />
<br>
<img width="1439" height="740" alt="image" src="https://github.com/user-attachments/assets/f712d182-f5ba-417e-8a43-7caee949c56c" />
### **Fix :**
Upgrade to OpenNebula >=7.0.
----------------
# OpenNebula-CVE-2025-56535
**Exploit Title :** OpenNebula 6.10.0.1 - Stored XSS (Cross-site Scripting) in zone attribute
**Exploit Author :** Mark Artamonov
**Vendor Homepage :** https://opennebula.io/
**Tested Version :** OpenNebula 6.10.0.1
**Affected Versions :** OpenNebula < 7.0
**Affected Component :** opennebula-sunstone
**CVE ID :** CVE-2025-56535
### **Description:**
A stored cross-site scripting (XSS) vulnerability in OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the zone attribute parameter.
### **Payload :**
```
<image src =q onerror=prompt(8)>
```
## **Proof of Concept :**
<img width="1063" height="755" alt="image" src="https://github.com/user-attachments/assets/4a034b1f-b5a6-464a-a680-d0bbdb73ed93" />
<br>
<img width="1107" height="749" alt="image" src="https://github.com/user-attachments/assets/421b8745-6207-4d56-9447-0b15c5a45314" />
### **Fix :**
Upgrade to OpenNebula >=7.0.
----------------
# OpenNebula-CVE-2025-56534
**Exploit Title :** OpenNebula 6.10.0.1 - Stored XSS (Cross-site Scripting) in the custom authenticator driver
**Exploit Author :** Mark Artamonov
**Vendor Homepage :** https://opennebula.io/
**Tested Version :** OpenNebula 6.10.0.1
**Affected Versions :** OpenNebula < 7.0
**Affected Component :** opennebula-sunstone
**CVE ID :** CVE-2025-56534
### **Description:**
A stored cross-site scripting (XSS) vulnerability in the custom authenticator driver of OpenNebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
### **Payload :**
```
<image src =q onerror=prompt(8)>
```
## **Proof of Concept :**
<img width="1063" height="698" alt="image" src="https://github.com/user-attachments/assets/33097697-e151-437a-9480-7b7ddb094363" />
<br>
<img width="1440" height="711" alt="image" src="https://github.com/user-attachments/assets/c9b57595-2dbb-4d67-880f-131664c0a6aa" />
### **Fix :**
Upgrade to OpenNebula >=7.0.
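
All four advisories above share one pattern: a value stored in a plain-text field is later rendered as HTML. The following is an added example, not code from the advisory author or from OpenNebula; it audits stored attribute values for markup and shows the output encoding that renders such a value inert. The record shape, attribute names and sample data are assumptions constructed for illustration.

```javascript
// Added example: record shape, attribute names and sample data are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value so a browser treats it as text, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A tag needs a letter directly after "<", so "MTU < 1500" is not flagged.
const TAG_RE = /<\/?[a-z][a-z0-9-]*[\s\/>]/i;
// Inline event handler such as onerror= or onload=.
const HANDLER_RE = /\bon[a-z]+\s*=/i;

// Return every attribute whose stored value looks like HTML markup.
function findSuspectAttributes(records) {
  const hits = [];
  for (const rec of records) {
    for (const [key, value] of Object.entries(rec.attributes)) {
      const text = String(value);
      const reasons = [];
      if (TAG_RE.test(text)) reasons.push('html-tag');
      if (HANDLER_RE.test(text)) reasons.push('event-handler');
      if (reasons.length > 0) hits.push({ type: rec.type, id: rec.id, key, reasons });
    }
  }
  return hits;
}

// Constructed records standing in for exported object attributes.
const SAMPLE = [
  { type: 'vnet', id: 3, attributes: { DESCRIPTION: 'prod network', NOTE: '<image src =q onerror=prompt(8)>' } },
  { type: 'user', id: 7, attributes: { EMAIL: 'ops@example.test', NOTE: 'MTU < 1500 only' } },
  { type: 'zone', id: 0, attributes: { ENDPOINT: 'http://localhost:2633/RPC2' } },
];

for (const hit of findSuspectAttributes(SAMPLE)) {
  console.log(`${hit.type} ${hit.id} ${hit.key}: ${hit.reasons.join(', ')}`);
}
console.log(escapeHtml(SAMPLE[0].attributes.NOTE));
```

The regular expressions are heuristics for triage and can produce false positives; encoding at render time, not input filtering, is what neutralizes a stored value.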