CVE-2025-0281
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-0281
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0281.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-0281
- Published
- 2025-03-20T10:15:52Z
- Modified
- 2025-03-28T16:48:38.040354Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. An attacker can inject malicious JavaScript into the SAML IdP XML metadata, which is used to generate the SAML login redirect URL. This URL is then set as the value of
window.location.hrefwithout proper validation or sanitization. This vulnerability allows the attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions. The issue is fixed in version 1.7.10. - References
Affected packages
Git / github.com/lunary-ai/lunary
Affected ranges
- Type
- GIT
- Repo
- https://github.com/lunary-ai/lunary
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.2.4
1.4.9
Other
test1
test2
vtest
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.2
v1.2.20
v1.2.21
v1.2.22
v1.2.23
v1.2.24
v1.2.25
v1.2.26
v1.2.27
v1.2.28
v1.2.29
v1.2.3
v1.2.30
v1.2.31
v1.2.32
v1.2.33
v1.2.34
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.2
v1.3.3
v1.3.4
v1.3.4-alpha.1
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.28
v1.4.29
v1.4.3
v1.4.3-alpha.1
v1.4.3-alpha.2
v1.4.30
v1.4.31
v1.4.32
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.5-alpha
v1.5.5-alpha.1
v1.5.5-alpha.2
v1.5.5-alpha.3
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.6.9-test
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.8
v1.7.9