Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/source" petition, "name" parameter.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40706.json",
"cna_assigner": "INCIBE",
"cwe_ids": [
"CWE-79"
]
}