CVE-2025-10340
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-13

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-13
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10340
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
whatcd gazelle *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in WhatCD Gazelle up to a specific commit version. It involves an unknown function in the file /sections/tools/managers/change_log.php within the Commit Message Handler component. By manipulating the 'Message' argument, an attacker can perform a cross-site scripting (XSS) attack remotely. This means an attacker can inject malicious scripts that execute in the context of a user's browser.

Impact Analysis

The vulnerability can allow an attacker to execute cross-site scripting attacks remotely by manipulating input parameters. This can lead to the injection of malicious scripts that may compromise user interactions, potentially leading to session hijacking, defacement, or other malicious activities affecting the integrity of the application and user data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10340. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart