CVE-2025-11687
Reflected DOM XSS in gi-docgen Enables Session Cookie Theft
Publication date: 2026-01-26
Last updated on: 2026-01-26
Assigner: Red Hat, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | gi-docgen | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected DOM Cross-Site Scripting (XSS) flaw in gi-docgen. It occurs because gi-docgen does not properly encode search terms before inserting them into the HTML page. An attacker can craft a malicious URL that includes harmful JavaScript code in the 'q' GET parameter, which then executes in the user's browser when the URL is visited. This allows arbitrary JavaScript execution in the context of the page. [1]
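The bug class described above, as an added illustration that is not gi-docgen's code or part of this advisory: a search term read from the 'q' query parameter is concatenated into page markup without encoding, shown beside the encoded form. The function names and the sample query are constructed assumptions.

```javascript
// Added illustration of the CWE-79 pattern behind CVE-2025-11687, not
// gi-docgen's actual code. Names and sample values are constructed.

// Read the "q" parameter the way a page would from location.search.
function getSearchTerm(search) {
  const params = new URLSearchParams(search);
  return params.get("q") ?? "";
}

// Encode the characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the raw term becomes part of the markup, so any
// tag or attribute syntax in "q" is interpreted by the browser.
function renderResultsHeaderUnsafe(search) {
  const term = getSearchTerm(search);
  return `<h2>Results for "${term}"</h2>`;
}

// Fixed pattern: the term is encoded first, so it is rendered as text
// whatever characters it contains. In a browser, assigning the term to
// element.textContent instead of innerHTML gives the same guarantee.
function renderResultsHeaderSafe(search) {
  const term = getSearchTerm(search);
  return `<h2>Results for "${escapeHtml(term)}"</h2>`;
}

// Constructed sample query containing markup characters.
const SAMPLE_SEARCH = "?q=" + encodeURIComponent("<b>gtk & glib</b>");

console.log(renderResultsHeaderUnsafe(SAMPLE_SEARCH)); // tags survive
console.log(renderResultsHeaderSafe(SAMPLE_SEARCH));   // tags encoded
```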
How can this vulnerability impact me?
The vulnerability can lead to arbitrary JavaScript execution in the user's browser, enabling attacks such as DOM manipulation, session cookie theft, and other client-side exploits. The severity depends on what else is hosted on the same domain as the gi-docgen documentation. If only gi-docgen docs are hosted with no sensitive content, the impact is likely minimal. However, if sensitive data or functionality is present on the domain, the risk and impact increase. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves testing for reflected DOM XSS by crafting URLs with malicious payloads in the 'q' GET parameter and observing if the script executes in the browser context. There are no specific commands provided in the resources. A practical approach is to use a web proxy or browser developer tools to intercept and modify requests to gi-docgen, injecting test scripts in the 'q' parameter to see if they are executed. Automated scanners that detect reflected XSS vulnerabilities can also be used against the gi-docgen documentation URLs. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the gi-docgen documentation to trusted users only, avoiding hosting sensitive content on the same domain as gi-docgen, and applying any available patches or updates from the gi-docgen maintainers or Red Hat once released. Additionally, users should avoid clicking on untrusted URLs containing the 'q' parameter. Since no specific patch or workaround is detailed, limiting exposure and monitoring for suspicious activity are recommended. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.