CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia
Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia
Description
Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- INCIBE
- Date Reserved
- 2025-04-16T08:38:18.261Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 692ee9715ae7112264cd39c3
Added to database: 12/2/2025, 1:28:17 PM
Last updated: 12/2/2025, 1:28:19 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM
HighCVE-2025-11789: CWE-125 Out-of-bounds Read in SGE-PLC1000 SGE-PLC50 Circutor
HighCVE-2025-11788: CWE-122 Heap-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor
HighCVE-2025-11787: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in SGE-PLC1000 SGE-PLC50 Circutor
HighCVE-2025-11786: CWE-121: Stack-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.