4 matches found
CVE-2025-5410
CVE-2025-5410 affects Mist Community Edition up to 4.7.1. The vulnerability exists in the function session_start_response within src/mist/api/auth/middleware.py and enables cross-site request forgery with remote initiation. Public disclosure of the exploit is noted. Mitigation: upgrade to version...
CVE-2025-5412
CVE-2025-5412 affects Mist Community Edition up to 4.7.1. The vulnerability resides in the Login function of src/mist/api/views.py (Authentication Endpoint); manipulating the return_to argument leads to a cross-site scripting (XSS) condition. Exploitation is possible remotely, and public disclosu...
CVE-2025-5409
Mist Community Edition up to 4.7.1 contains a vulnerability in the API Token Handler’s create_token function (src/mist/api/auth/views.py) that enables improper access controls. The issue allows remote initiation of an attack and has publicly disclosed exploits. Upgrading to version 4.7.2 addresse...
CVE-2025-5411
Mist Community Edition