216.73.216.169

CVE-2025-13902

· Published 10/03/2026 19:17 · Author: The MITRE Corporation

Labels: CVE-2025-13902 2026-03-10CVE-2025-13902CWE-79[email protected]

Essential information

Published
10/03/2026 19:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.4 MEDIUM (v3.1) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-79
EPSS (First)
P30.9% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00392)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

NVD status

NVD
View on NVD