CVE-2025-24372: XSS vector in user-uploaded images in group/org and user profiles in CKAN
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. A user could potentially upload a specially crafted file containing code that, when executed, could send arbitrary requests to the server. If that file was opened by an administrator, it could...