How severe is CVE-2025-32960?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2025-32960?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-32960 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 7.2.7. A workaround is provided on the Jmix documentation website.

Related Vulnerabilities

CVE-2012-3341

MEDIUM

CVSS:6.4(Medium)

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a ...

CWE-792012

CVE-2016-2138

MEDIUM

CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

CWE-792016

CVE-2016-2139

MEDIUM

CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

CWE-792016

CVE-2019-3769

MEDIUM

CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to st...

CWE-792019

CVE-2019-3770

MEDIUM

CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could expl...

CWE-792019

CVE-2019-7004

MEDIUM

CVSS:6.4(Medium)

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product ve...

CWE-792019