A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.

CVE Database V5

Detailed information about CVE-2025-60917: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60917: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-60917: n/a

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

Detailed information about CVE-2025-60632: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60632: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-60632: n/a

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.

CVE-2025-60916 identifies a reflected cross-site scripting (XSS) vulnerability in the Openatlas software developed by the Austrian Archaeological Institute, specifically affecting the /overview/network/ endpoint. This vulnerability arises due to insufficient sanitization of user-supplied input in the 'charge' parameter, allowing attackers to inject malicious JavaScript code that is reflected back in the HTTP response. When a victim accesses a crafted URL containing the malicious payload, the script executes within their browser context, potentially enabling attackers to hijack user sessions, steal cookies, manipulate the DOM, or redirect users to malicious sites. The vulnerability is present in versions prior to 8.12.0, with no patch links currently provided but an update to 8.12.0 presumably addressing the issue. No authentication or user interaction beyond visiting a malicious link is required, making exploitation relatively straightforward. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to users of Openatlas, particularly in academic and cultural heritage sectors that rely on this software for archaeological data management. The lack of a CVSS score necessitates an independent severity assessment based on impact and exploitability factors.

Detailed information about CVE-2025-60916: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60916: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-60916: n/a

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.

CVE-2025-60915 is a path traversal vulnerability identified in the Openatlas software developed by the Austrian Archaeological Institute, affecting versions prior to 8.12.0. The vulnerability resides in the handling of the 'size' query parameter within the /views/file.py script. An attacker can craft a malicious HTTP request that manipulates this parameter to traverse directories on the server's filesystem, thereby accessing files outside the intended directory scope. This type of vulnerability typically arises from insufficient sanitization or validation of user-supplied input used in file path construction. Successful exploitation allows unauthorized reading of arbitrary files, which may include sensitive configuration files, credentials, or other protected data. There is no indication that authentication is required to exploit this flaw, increasing its risk profile. Although no active exploits have been reported, the vulnerability is publicly disclosed and assigned a CVE identifier. The lack of a CVSS score suggests the need for an independent severity assessment. The vulnerability affects organizations using Openatlas, a software platform used primarily in archaeological research and cultural heritage management, which may contain sensitive or proprietary data. The technical details indicate the vulnerability was reserved in late September 2025 and published in November 2025, with no patch links currently provided, emphasizing the urgency for affected users to seek updates or mitigations from the vendor.

Detailed information about CVE-2025-60915: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60915: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-60915: n/a

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.

Detailed information about CVE-2025-60633: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60633: n/a

CVE-2025-60633: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-60917: n/a

CVE-2025-60632: n/a

CVE-2025-60916: n/a

CVE-2025-60915: n/a

CVE-2025-10555: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dassault Systèmes DELMIA Service Process Engineer

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility