CVE-2025-60936

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-60936

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60936.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-60936

Published

2025-10-24T15:15:40.440Z

Modified

2026-04-10T05:32:30.920438Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.

References

https://github.com/emoncms/emoncms/issues/1940

Affected packages

Git / github.com/emoncms/emoncms

Affected ranges

Type

GIT

Repo

https://github.com/emoncms/emoncms

Events

Introduced

Last affected

efcf93c346ca68d2959657dbda1efc55e7a07a49

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.7.3"
        }
    ]
}

Affected versions

10.*

10.1.10

10.1.11

10.1.4

10.1.7

10.1.8

10.1.9

10.2.0

10.2.1

10.2.2

10.2.3

10.2.4

10.2.5

10.2.7

10.5.5

10.5.6

10.6.5

10.6.6

10.6.7

10.6.8

10.6.9

10.7.0

10.7.1

10.7.2

10.7.3

10.7.4

10.7.7

10.8.1

10.8.5

11.*

11.2.10

11.2.3

11.2.7

11.2.8

11.3.20

11.3.22

11.5.2

11.5.3

11.5.5

11.5.6

11.6.1

11.6.10

11.6.11

11.6.12

11.6.2

11.6.4

11.6.5

11.6.6

11.6.7

11.6.8

11.6.9

11.7.3

8.*

8.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.0.7

8.0.8

8.0.9

8.1.0

8.1.1

8.1.2

8.2

8.2.1

8.2.3

8.2.5

8.2.6

8.2.7

8.3.0

8.3.1

8.5.2

9.*

9.8.15

9.8.15.stable

9.8.16

9.8.18

9.8.24

debian/8.*

debian/8.0-1

v5.*

v5.0

v6.*

v6.0

v6.9

v7.*

v7.0

v8.*

v8.3.2

v8.3.3

v8.3.4

v8.3.6

v8.4.0

v9.*

v9.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60936.json"