How severe is CVE-2025-1888?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2025-1888?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-1888 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.

Related Vulnerabilities

CVE-2015-9426

MEDIUM

CVSS:4.6(Medium)

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

CWE-792015

CVE-2018-8815

MEDIUM

CVSS:4.6(Medium)

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

CWE-792018

CVE-2019-16295

MEDIUM

CVSS:4.6(Medium)

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename w...

CWE-792019

CVE-2019-3889

MEDIUM

CVSS:4.6(Medium)

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11....

CWE-792019

CVE-2020-4691

MEDIUM

CVSS:4.6(Medium)

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...

CWE-792020

CVE-2020-7301

MEDIUM

CVSS:4.6(Medium)

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case managemen...

CWE-792020