How severe is CVE-2025-46595?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2025-46595?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-46595 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provided by the flag module. This can allow crafted HTML to result in Cross Site Scripting. This is mitigated by the fact that an attacker must have a role with permission to create links on the website, for example: create or edit comments or content with a filtered text format.

Related Vulnerabilities

CVE-2012-3341

MEDIUM

CVSS:6.4(Medium)

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a ...

CWE-792012

CVE-2016-2138

MEDIUM

CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

CWE-792016

CVE-2016-2139

MEDIUM

CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

CWE-792016

CVE-2019-3769

MEDIUM

CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to st...

CWE-792019

CVE-2019-3770

MEDIUM

CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could expl...

CWE-792019

CVE-2019-7004

MEDIUM

CVSS:6.4(Medium)

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product ve...

CWE-792019