CVE-2025-30342

Source
https://cve.org/CVERecord?id=CVE-2025-30342
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30342.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30342
Published
2025-03-21T00:00:00Z
Modified
2026-07-08T07:03:45.274900157Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly encoded when reflected; however, adding attributes to links is possible, which allows the injection of JavaScript via the onmouseover attribute and others. When a user moves the mouse over such a prepared link, JavaScript is executed in that user's session.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "4.2.5"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "4.2.5"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30342.json",
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/openslides/openslides

Affected ranges

Type
GIT
Repo
https://github.com/openslides/openslides
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.5"
        }
    ]
}

Affected versions

1.*
1.0
1.1
1.2
1.3
4.*
4.0.0
4.1.0
4.1.11
4.1.12
4.1.13
4.1.14
4.1.15
4.1.16
4.1.17
4.1.18
4.1.19
4.1.20
4.1.21
4.1.22
4.1.7
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30342.json"