How severe is CVE-2024-25640?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-25640?

This is classified as CWE-87, which is a common weakness in software security.

CVE-2024-25640

MEDIUM Year: 2024

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-87

View all →

Vulnerability Description

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available.

CVE-2021-40131

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag...

CWE-872021

CVE-2022-20963

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use...

CWE-872022

CVE-2024-3162

MEDIUM

CVSS:5.4(Medium)

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sani...

CWE-872024

CVE-2024-8505

MEDIUM

CVSS:5.4(Medium)

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to ins...

CWE-872024

CVE-2020-5298

MEDIUM

CVSS:4.8(Medium)

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socia...

CWE-872020

CVE-2023-20188

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable...

CWE-872023

CVE-2024-25640

Vulnerability Description

Related Vulnerabilities

CVE-2021-40131

CVE-2022-20963

CVE-2024-3162

CVE-2024-8505

CVE-2020-5298

CVE-2023-20188