CVE-2025-65465

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-65465

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65465.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-65465

Published

2026-03-02T15:16:31.280Z

Modified

2026-04-02T13:00:36.182514Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.

References

Affected packages

Git / github.com/skrol29/tbszip

Affected ranges

Type: GIT
Repo: https://github.com/skrol29/tbszip
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8168765ddc16871feadcd2caef2ea3051a687b81

Affected versions

v2.*

v2.17

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65465.json"