CVE-2025-5198

MEDIUM Year: 2025
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

Related Vulnerabilities

CVE-2017-18783

MEDIUM
CVSS:5.0(Medium)

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1....

CWE-792017

CVE-2017-18784

MEDIUM
CVSS:5.0(Medium)

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0...

CWE-792017

CVE-2019-1677

MEDIUM
CVSS:5.0(Medium)

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insuffi...

CWE-792019

CVE-2023-5244

MEDIUM
CVSS:5.0(Medium)

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CWE-792023

CVE-2024-23998

MEDIUM
CVSS:5.0(Medium)

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.

CWE-792024

CVE-2024-31574

MEDIUM
CVSS:5.0(Medium)

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script

CWE-792024