CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/14 6:19 p.m.•4 views

CVE-2025-69993

A flaw was found in Leaflet. This Cross-Site Scripting XSS vulnerability exists in the bindPopup method, which fails to sanitize user-supplied input. A remote attacker can exploit this by injecting malicious JavaScript code into map popups. When a victim views an affected map, the injected script...

6.1CVSS5.8AI score0.00191EPSS

Exploits2References5

vulnersOsv•added 2026/04/14 4:15 p.m.•19 views

2gis-maps (>=2.2.4 <=4.0.12), 2ndlogiccomponents (>=1.1.0 <=1.5.0) +3088 more potentially affected by CVE-2025-69993 via leaflet (>=0.5.1 <=2.0.0-alpha.1)

leaflet NPM version =0.5.1, =2.2.4, =1.1.0, =1.0.44, =5.4.0-pre.1, =5.4.0-pre.1, =0.0.1, =1.6.1, =1.0.0, =4.0.0, =0.1.0, =0.0.2, =1.0.0, =2.0.1 and more Source cves: CVE-2025-69993 Source advisory: SNYK:JS-LEAFLET-16427276...

6.1CVSS5.4AI score0.00191EPSS

Exploits2

vulnersOsv•added 2026/04/14 4:15 p.m.•6 views

de.digitalcollections:iiif-bookshelf-webapp (>=2.6.2 <=3.1.0), de.digitalcollections:iiif-server-demo (>=2.1.3 <=4.0.6) +25 more potentially affected by CVE-2025-69993 via org.webjars.npm:leaflet (>=0.7.7 <=2.0.0-alpha.1)

org.webjars.npm:leaflet MAVEN version =0.7.7, =2.6.2, =2.1.3, =0.9.0, =1.0.3, =2.0.0 - org.webjars.npm:github-com-commenthol-leaflet-rastercoords =1.0.2 - org.webjars.npm:github-com-jseppi-Leaflet-MakiMarkers =3.1.0 - org.webjars.npm:github-com-michaz-graphhopper-maps =0.0.1 -...

6.1CVSS5.4AI score0.00191EPSS

Exploits2

Snyk•added 2026/04/14 4:15 p.m.•7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:leaflet is a JavaScript library for mobile-friendly interactive maps Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bindPopup method. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by...

Snyk•added 2026/04/14 4:15 p.m.•8 views

Cross-site Scripting (XSS)

Overview leaflet is a JavaScript library for mobile-friendly interactive maps Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bindPopup method. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by injecting malicious...

EUVD•added 2026/04/14 3:30 p.m.•3 views

EUVD-2025-209449

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

NVD•added 2026/04/14 3:16 p.m.•2 views

CVE-2025-69993

6.1CVSS0.00191EPSS

OSV•added 2026/04/14 3:16 p.m.•4 views

DEBIAN-CVE-2025-69993

6.1CVSS5.5AI score0.00191EPSS

Exploits2References1

UbuntuCve•added 2026/04/14 3:16 p.m.•3 views

CVE-2025-69993

OSV•added 2026/04/14 3:16 p.m.•2 views

UBUNTU-CVE-2025-69993

GithubExploit•added 2026/04/14 9:31 a.m.•113 views

Exploits2References4

Exploit for CVE-2025-69993

Leaflet XSS POC Proof of Concept for CVE-2025-69993 — XSS vul...

5.8AI score0.00191EPSS

Exploits2

Cvelist•added 2026/04/14 12:0 a.m.•29 views

CVE-2025-69993

6.1CVSS0.00191EPSS

ATTACKERKB•added 2026/04/14 12:0 a.m.•1 views

CVE-2025-69993

Vulnrichment•added 2026/04/14 12:0 a.m.•1 views

CVE-2025-69993

Positive Technologies•added 2026/04/14 12:0 a.m.•4 views

PT-2026-32628

CNNVD•added 2026/04/14 12:0 a.m.•8 views

Exploits2References4

Leaflet 安全漏洞

Leaflet is a lightweight interactive map development library developed by Volodymyr Agafonkin. Versions of Leaflet 1.9.4 and earlier contain security vulnerabilities; these vulnerabilities stem from the bindPopup method not properly cleaning user input, which may lead to cross-site scripting...

6.1CVSS5.6AI score0.00191EPSS