CVE-2025-14701
- Source
- https://cve.org/CVERecord?id=CVE-2025-14701
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14701.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-14701
- Published
- 2025-12-17T00:04:32.259Z
- Modified
- 2025-12-25T03:46:21.182086Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
- Details
-
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14701.json", "cna_assigner": "GitLab", "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Git / gitlab.com/crafty-controller/crafty-4
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/crafty-controller/crafty-4
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0.0-alpha.3
v4.*
v4.0.0-alpha-3-hotfix.1
v4.0.0-alpha-3-hotfix.2
v4.0.0-alpha-3.5
v4.0.0-alpha.2
v4.0.0-beta
v4.0.0-beta-hotfix.1
v4.0.10-beta
v4.0.11-beta
v4.0.12-beta
v4.0.13-beta
v4.0.14-beta
v4.0.15-beta
v4.0.16
v4.0.18
v4.0.19
v4.0.2
v4.0.2-beta-hotfix.1
v4.0.20
v4.0.21
v4.0.22
v4.0.3-beta
v4.0.4-beta
v4.0.4-beta-hotfix2
v4.0.4-hotfix
v4.0.5-beta
v4.0.6-beta
v4.0.7-beta
v4.0.8-beta
v4.0.9-beta
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.10
v4.4.11
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.6.1