DEBIAN-CVE-2025-3573

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-3573

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-3573.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-3573

Upstream

CVE-2025-3573

Published

2025-04-15T05:15:31.007Z

Modified

2025-11-20T10:18:09.023788Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

References

https://security-tracker.debian.org/tracker/CVE-2025-3573

Affected packages

Debian:11

civicrm

Package

Name: civicrm
Purl: pkg:deb/debian/civicrm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.33.2+dfsg1-1

5.50.1+dfsg1-1

5.50.3+dfsg1-1

5.52.2+dfsg1-1

5.53.0+dfsg1-1

5.68.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:5.*

4:5.0.4+dfsg2-2

4:5.0.4+dfsg2-2+deb11u1

4:5.0.4+dfsg2-2+deb11u2

4:5.1.1+dfsg1-1

4:5.1.1+dfsg1-2

4:5.1.1+dfsg1-3

4:5.1.1+dfsg1-4~bpo11+1

4:5.1.1+dfsg1-4

4:5.1.1+dfsg1-5

4:5.1.3+dfsg1-1

4:5.1.4+dfsg1-1~bpo11+1

4:5.1.4+dfsg1-1

4:5.1.4+dfsg1-2~bpo11+1

4:5.1.4+dfsg1-2

4:5.1.4+dfsg1-3

4:5.2.0+dfsg1-1

4:5.2.0+dfsg1-2

4:5.2.1+dfsg-1~bpo11+1

4:5.2.1+dfsg-1

4:5.2.1+dfsg-2

4:5.2.1+dfsg-3

4:5.2.1+dfsg-4

4:5.2.2-dev+759fe912a-1

4:5.2.2-really5.2.2+20241130+dfsg-1

4:5.2.2-really5.2.2+20241228+dfsg-1

4:5.2.2-really5.2.2+20250114+dfsg-1

4:5.2.2-really5.2.2+20250121+dfsg-1

4:5.2.2-really+dfsg-1

4:5.2.2-really+dfsg-2

4:5.2.3+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:5.*

4:5.2.1+dfsg-1

4:5.2.1+dfsg-1+deb12u1

4:5.2.1+dfsg-2

4:5.2.1+dfsg-3

4:5.2.1+dfsg-4

4:5.2.2-dev+759fe912a-1

4:5.2.2-really5.2.2+20241130+dfsg-1

4:5.2.2-really5.2.2+20241228+dfsg-1

4:5.2.2-really5.2.2+20250114+dfsg-1

4:5.2.2-really5.2.2+20250121+dfsg-1

4:5.2.2-really+dfsg-1

4:5.2.2-really+dfsg-2

4:5.2.3+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

znuny

Package

Name: znuny
Purl: pkg:deb/debian/znuny?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.3.2-3

6.3.3-1~bpo11+1

6.3.3-1

6.3.4-1~bpo11+1

6.3.4-1

6.4.2-1~bpo11+1

6.4.2-1

6.4.2-2

6.4.3-1~bpo11+1

6.4.3-1

6.4.4-1

6.4.5-1~bpo11+1

6.4.5-1

6.4.5-2

6.5.1-1

6.5.3-1~bpo12+1

6.5.3-1

6.5.4-1~bpo12+1

6.5.4-1

6.5.5-1~bpo12+1

6.5.5-1

6.5.6-1~bpo12+1

6.5.6-1

6.5.8-1~bpo12+1

6.5.8-1

6.5.9-1~bpo12+1

6.5.9-1

6.5.10-1~bpo12+1

6.5.10-1

6.5.11-1~bpo12+1

6.5.11-1

6.5.13-1

6.5.14-1~bpo12+1

6.5.14-1

6.5.15-1

6.5.15-2~bpo12+1

6.5.15-2

6.5.16-1

6.5.18-1~bpo13+1

6.5.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

kalkun

Package

Name: kalkun
Purl: pkg:deb/debian/kalkun?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.3.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.2.2-really+dfsg-1+deb13u1

Affected versions

4:5.*

4:5.2.2-really+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

znuny

Package

Name: znuny
Purl: pkg:deb/debian/znuny?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.3.2-3

6.3.3-1~bpo11+1

6.3.3-1

6.3.4-1~bpo11+1

6.3.4-1

6.4.2-1~bpo11+1

6.4.2-1

6.4.2-2

6.4.3-1~bpo11+1

6.4.3-1

6.4.4-1

6.4.5-1~bpo11+1

6.4.5-1

6.4.5-2

6.5.1-1

6.5.3-1~bpo12+1

6.5.3-1

6.5.4-1~bpo12+1

6.5.4-1

6.5.5-1~bpo12+1

6.5.5-1

6.5.6-1~bpo12+1

6.5.6-1

6.5.8-1~bpo12+1

6.5.8-1

6.5.9-1~bpo12+1

6.5.9-1

6.5.10-1~bpo12+1

6.5.10-1

6.5.11-1~bpo12+1

6.5.11-1

6.5.13-1

6.5.14-1~bpo12+1

6.5.14-1

6.5.15-1

6.5.15-2~bpo12+1

6.5.15-2

6.5.16-1

6.5.18-1~bpo13+1

6.5.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

kalkun

Package

Name: kalkun
Purl: pkg:deb/debian/kalkun?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.3.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.2.2-really+dfsg-2

Affected versions

4:5.*

4:5.2.2-really+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

znuny

Package

Name: znuny
Purl: pkg:deb/debian/znuny?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.16-1

Affected versions

6.*

6.3.2-3

6.3.3-1~bpo11+1

6.3.3-1

6.3.4-1~bpo11+1

6.3.4-1

6.4.2-1~bpo11+1

6.4.2-1

6.4.2-2

6.4.3-1~bpo11+1

6.4.3-1

6.4.4-1

6.4.5-1~bpo11+1

6.4.5-1

6.4.5-2

6.5.1-1

6.5.3-1~bpo12+1

6.5.3-1

6.5.4-1~bpo12+1

6.5.4-1

6.5.5-1~bpo12+1

6.5.5-1

6.5.6-1~bpo12+1

6.5.6-1

6.5.8-1~bpo12+1

6.5.8-1

6.5.9-1~bpo12+1

6.5.9-1

6.5.10-1~bpo12+1

6.5.10-1

6.5.11-1~bpo12+1

6.5.11-1

6.5.13-1

6.5.14-1~bpo12+1

6.5.14-1

6.5.15-1

6.5.15-2~bpo12+1

6.5.15-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}