CVE-2025-46729
- Source
- https://cve.org/CVERecord?id=CVE-2025-46729
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46729.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46729
- Aliases
-
- GHSA-x3rx-6c2m-6vg9
- Published
- 2025-05-12T10:37:04.011Z
- Modified
- 2025-12-05T10:16:45.743387Z
- Severity
-
- 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P CVSS Calculator
- Summary
- phpDVDProfiler Cross-site Scripting vulnerability
- Details
-
julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v20230807 and prior to v20250511, cross-site scripting in the search function. v_20250511 contains a patch for the issue.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46729.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46729.json
- https://github.com/julmud/phpDVDProfiler/commit/c97e4b577969d5f6ca8171333b362fcdbec838a7
- https://github.com/julmud/phpDVDProfiler/releases/tag/v_20250511
- https://github.com/julmud/phpDVDProfiler/security/advisories/GHSA-x3rx-6c2m-6vg9
- https://nvd.nist.gov/vuln/detail/CVE-2025-46729
- https://www.openbugbounty.org/reports/3456782
- https://www.openbugbounty.org/reports/3512265
Affected packages
Git / github.com/julmud/phpdvdprofiler
Affected ranges
- Type
- GIT
- Repo
- https://github.com/julmud/phpdvdprofiler
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed