2 matches found
CVE-2025-68115
Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...
PT-2025-51360
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.1 Parse Server versions prior to 9.1.0-alpha.3 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a Reflected Cross-Site Scripting XSS issue in its password reset...