Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/08/25 7:20 a.m.4 views

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

8.1CVSS5.8AI score0.00458EPSS
Exploits1References1
NVD
NVD
added 2025/08/23 7:15 a.m.5 views

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

9.6CVSS0.00458EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/23 6:56 a.m.3 views

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

8.1CVSS5.8AI score0.00458EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/23 12:0 a.m.6 views

PT-2025-34524 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to 1.9.23 Description: A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component. The NEXT PUBLIC CUSTOM SCRIPT environment variable is directly injected into the DOM using...

8.1CVSS7.3AI score0.00458EPSS
Exploits1References6
Rows per page
Query Builder