EUVD-2025-4079

Malicious code in bioql PyPI...

CVE-2025-25190

CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...

CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server

The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...

CVE-2025-25189

CVE-2025-25189 describes a reflected cross-site scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script, prior to commit 7a5ae1a. The issue stems from the script reflecting the user-supplied jobid parameter into the HTML response without HTML encoding or sani...

PT-2025-6112 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The issue is related to a reflected Cross-Site Scripting vulnerability in the ZOO-Project Web Processing Service WPS publish.py CGI script. This vulnerability occurs because the script...

PT-2025-6113 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service. The vulnerability exists because the EchoProcess service...