CVE-2025-1022

HIGH Year: 2025
CVSS v3 Score
8.2
High
Weakness Type
CWE-20
View all →

Vulnerability Description

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.

Related Vulnerabilities

CVE-2012-1168

HIGH
CVSS:8.2(High)

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

CWE-202012

CVE-2016-1182

HIGH
CVSS:8.2(High)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a ...

CWE-202016

CVE-2016-1441

HIGH
CVSS:8.2(High)

Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET A...

CWE-202016

CVE-2017-1000368

HIGH
CVSS:8.2(High)

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...

CWE-202017

CVE-2017-3752

HIGH
CVSS:8.2(High)

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...

CWE-202017