CVE-2025-40703
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-09-02
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| craws | openatlas | 8.9.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) flaw in OpenAtlas v8.9.0, specifically in the "/insert/group" POST request endpoint. It occurs because the software does not properly validate user input in the "name" and "alias-0" parameters. An attacker can send specially crafted POST requests that, when processed by an authenticated user, execute malicious scripts in the user's browser. This can lead to theft of session cookies and potentially other malicious actions within the user's session. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary scripts in the context of an authenticated user's browser session. This can lead to theft of session cookies, which may enable the attacker to hijack the user's session and gain unauthorized access to the application with the user's privileges. This can result in data theft, unauthorized actions, or further exploitation of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring POST requests to the "/insert/group" endpoint, specifically looking for suspicious or malicious input in the "name" and "alias-0" parameters. You can use network traffic inspection tools like Wireshark or tcpdump to capture HTTP POST requests and filter for these parameters. Additionally, web application security scanners that test for Cross-Site Scripting (XSS) vulnerabilities by sending crafted payloads to these parameters can help detect the issue. For example, using curl to send test POST requests with XSS payloads to the endpoint can help verify if the vulnerability exists: `curl -X POST -d "name=<script>alert(1)</script>&alias-0=test" https://your-openatlas-instance/insert/group` [1]
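To make the monitoring suggested above concrete, here is an added example (not BaseFortify's or OpenAtlas's own code) that checks request-log lines for markup in the two parameters the advisory names; the one-line "METHOD PATH BODY" log format, the markup pattern and the sample lines are constructed assumptions, and the decoder peels repeated URL encoding and HTML entities so that encoded variants of the same payload are not missed.

```python
# Added example (not BaseFortify/OpenAtlas code): flag POST /insert/group
# requests whose "name" or "alias-0" value carries script-like markup.
# Assumes a constructed log format "METHOD PATH URL-ENCODED-BODY" per line.
import html
import re
from urllib.parse import parse_qs, unquote_plus

WATCHED_PATH = "/insert/group"
WATCHED_PARAMS = ("name", "alias-0")
# Tag openers, javascript: URLs and on*= handlers; group names never need them.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)

def decode_value(value: str) -> str:
    """Peel stacked URL encoding, then HTML entities, before matching."""
    prev = None
    while prev != value:  # repeat until a further decode changes nothing
        prev, value = value, unquote_plus(value)
    return html.unescape(value)

def suspicious_params(method: str, path: str, body: str) -> list[str]:
    """Return watched parameter names whose decoded value looks like markup."""
    if method.upper() != "POST" or path.split("?", 1)[0] != WATCHED_PATH:
        return []
    form = parse_qs(body, keep_blank_values=True)  # decodes one layer itself
    hits = []
    for param in WATCHED_PARAMS:
        if any(MARKUP_RE.search(decode_value(v)) for v in form.get(param, [])):
            hits.append(param)
    return hits

def scan_log(lines):
    """Yield (line_no, flagged_params) for each request that trips the check."""
    for n, line in enumerate(lines, 1):
        parts = line.strip().split(" ", 2)
        if len(parts) == 3 and (hits := suspicious_params(*parts)):
            yield n, hits

# Constructed sample log: a benign insert, the advisory's plain payload, the
# same payload double URL-encoded, then entity-encoded, and two out-of-scope requests.
SAMPLE_LOG = [
    "POST /insert/group name=Roman+Empire&alias-0=SPQR",
    "POST /insert/group name=%3Cscript%3Ealert(1)%3C/script%3E&alias-0=test",
    "POST /insert/group name=ok&alias-0=%253Cscript%253Ealert(1)%253C/script%253E",
    "POST /insert/group name=%26lt%3Bscript%26gt%3Balert(1)&alias-0=",
    "POST /insert/place name=%3Cb%3Ebold%3C/b%3E",
    "GET /insert/group name=%3Cscript%3E",
]

if __name__ == "__main__":
    for line_no, params in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {params}")
```

The pattern is a heuristic, so a legitimate name containing a literal "<" will also be flagged; treat hits as items to review against the request's source and session rather than as confirmed exploitation.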
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade OpenAtlas to version 8.10.1 or later, where this vulnerability has been fixed by the ACDH-CH team. Until the upgrade is applied, restrict access to the affected endpoints to trusted users only, and consider implementing web application firewall (WAF) rules to block or sanitize malicious POST requests targeting the "/insert/group" endpoint, especially those containing suspicious scripts in the "name" and "alias-0" parameters. [1]