
CVE-2025-60916: n/a

Severity: Medium
Published: Mon Nov 24 2025 (11/24/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-60916 is a reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of the Austrian Archaeological Institute's Openatlas software prior to version 8.12.0. The flaw allows attackers to inject malicious scripts via the 'charge' parameter, which are then executed in the context of a user's browser without requiring user interaction. The vulnerability has a medium severity rating with a CVSS score of 5.4, indicating limited impact on confidentiality and integrity and no impact on availability. Exploitation requires network access and low privileges but no user interaction. While no known exploits are currently reported in the wild, the vulnerability poses a risk of session hijacking, data theft, or unauthorized actions within the affected web application. European organizations using Openatlas, especially research institutions and cultural heritage entities, should prioritize patching and input validation to mitigate this threat. Countries with significant archaeological research infrastructure and Openatlas deployments, such as Austria, Germany, and Italy, are most likely to be affected.

AI-Powered Analysis

Last updated: 12/01/2025, 15:49:59 UTC

Technical Analysis

CVE-2025-60916 is a reflected cross-site scripting (XSS) vulnerability identified in the Openatlas software developed by the Austrian Archaeological Institute. The vulnerability exists in the /overview/network/ endpoint, specifically through the 'charge' parameter, which fails to properly sanitize user-supplied input. An attacker can craft a malicious payload that, when injected into this parameter, is reflected back in the HTTP response and executed within the victim's browser context. This allows the attacker to run arbitrary JavaScript code, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability requires the attacker to have network access to the vulnerable endpoint and low privileges (PR:L), but does not require any user interaction (UI:N), increasing the risk of automated exploitation. The CVSS v3.1 base score is 5.4 (medium severity), reflecting limited confidentiality and integrity impact and no availability impact. No patches or exploit code are currently publicly available, and no known active exploitation has been reported. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS. Given the specialized nature of Openatlas as an archaeological research tool, the attack surface is relatively narrow but significant for affected organizations.

Potential Impact

For European organizations, particularly those involved in archaeological research, cultural heritage management, and academic institutions using Openatlas, this vulnerability could lead to unauthorized access to sensitive research data or user credentials. Exploitation could allow attackers to hijack user sessions, manipulate displayed data, or perform actions with the victim's privileges within the application. While the impact on availability is negligible, the compromise of confidentiality and integrity could undermine research integrity and data privacy. Since Openatlas is a niche product primarily used in European archaeological circles, the impact is geographically concentrated but critical for those affected. Additionally, successful exploitation could serve as a foothold for further attacks within the organization's network, especially if the compromised user has elevated privileges. The lack of user interaction requirement increases the risk of automated attacks targeting vulnerable endpoints.

Mitigation Recommendations

Organizations should immediately upgrade Openatlas to version 8.12.0 or later, where this vulnerability is addressed. In the absence of an available patch, implement strict input validation and output encoding on the 'charge' parameter to neutralize malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. Regularly audit web application logs for suspicious requests targeting the /overview/network/ endpoint. Limit access to the Openatlas web interface through network segmentation and firewall rules to reduce exposure. Educate users about the risks of XSS and encourage the use of modern browsers with built-in XSS protection features. Finally, monitor threat intelligence feeds for any emerging exploit code or attack campaigns targeting this vulnerability.
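Two of the recommendations above, log auditing of the /overview/network/ endpoint and output encoding of the reflected 'charge' value, as an added example; this is not OpenAtlas code, it assumes Apache/nginx-style combined access logs, and the log lines are constructed.

```python
# Added example (not OpenAtlas code): defensive checks for the reflected
# 'charge' parameter on /overview/network/ described in CVE-2025-60916.
# Assumes combined-format access logs; sample lines below are constructed.
import html
import re
from urllib.parse import parse_qs, urlsplit

# Markup fragments that have no business in a legitimate 'charge' value
SUSPICIOUS = re.compile(
    r"<\s*/?\s*script|javascript:|\bon\w+\s*=|<\s*(img|svg|iframe)", re.I)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def charge_param(request_target):
    """Return the percent-decoded 'charge' value for /overview/network/
    requests, or None for any other path or a request without it."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/") != "/overview/network":
        return None
    values = parse_qs(parts.query).get("charge")  # parse_qs decodes once
    return values[0] if values else None


def flag_suspicious(log_lines):
    """Return (client_ip, decoded charge) for requests that carry markup
    in the 'charge' parameter of the vulnerable endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        charge = charge_param(m.group("path"))
        if charge is not None and SUSPICIOUS.search(charge):
            hits.append((m.group("ip"), charge))
    return hits


def render_charge_safely(charge):
    """Output-encode the reflected value so the browser treats it as text,
    which is the fix for the reflection described above."""
    return "<p>Network view for charge: %s</p>" % html.escape(charge, quote=True)


# Constructed sample log: one probe, one normal request, one other endpoint
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Nov/2025:10:15:02 +0000] "GET /overview/network/'
    '?charge=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 5123',
    '203.0.113.5 - - [24/Nov/2025:10:16:40 +0000] "GET /overview/network/'
    '?charge=42 HTTP/1.1" 200 4870',
    '203.0.113.9 - - [24/Nov/2025:10:17:01 +0000] "GET /entity/12'
    '?charge=%3Cscript%3E HTTP/1.1" 200 300',
]
```

Run `flag_suspicious(SAMPLE_LOG)` against real access logs to surface probes against the endpoint; the third sample line shows that requests to other paths are deliberately ignored.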


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 69247cb8efc7406fa668b29c

Added to database: 11/24/2025, 3:41:44 PM

Last enriched: 12/1/2025, 3:49:59 PM

Last updated: 1/8/2026, 8:15:09 PM

Views: 70
