CVE-2025-60917: n/a
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.
AI Analysis
Technical Summary
CVE-2025-60917 is a reflected cross-site scripting (XSS) vulnerability in Openatlas, software developed by the Austrian Archaeological Institute. The flaw lies in the /overview/network/ endpoint, specifically in the handling of the 'color' parameter. Because the parameter is neither adequately validated nor output-encoded, an attacker can embed a crafted payload in it; when a user opens the manipulated URL, that payload executes as arbitrary JavaScript in the victim's browser context. As a reflected XSS, the attack requires the victim to click on or visit a specially crafted link; a successful attack enables session hijacking, credential theft, or delivery of further malware. Versions prior to 8.12.0 are affected; the record does not enumerate individual affected versions. The CVSS 3.1 base score of 4.6 indicates medium severity: the attack vector is network-based, attack complexity is low, and exploitation requires privileges (PR:L) and user interaction (UI:R). The impact is limited to confidentiality and integrity, with no availability impact. No public exploits or patches are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The weakness corresponds to CWE-79, improper neutralization of input during web page generation.
Potential Impact
For European organizations, particularly academic and research institutions using Openatlas for archaeological data management, this vulnerability poses a risk of client-side code execution leading to session hijacking, unauthorized data access, or manipulation of user interactions. Although the impact is medium severity, successful exploitation could compromise user credentials or sensitive research data, undermining confidentiality and integrity. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments where users may be targeted via phishing or social engineering. Given the specialized nature of Openatlas, the threat is more pronounced in institutions with active archaeological research projects. The lack of availability impact reduces the risk of service disruption, but reputational damage and data leakage remain concerns. European organizations must consider this vulnerability within their broader web application security posture and incident response planning.
Mitigation Recommendations
Organizations should immediately review and restrict access to the /overview/network/ endpoint, applying input validation and output encoding on the 'color' parameter to neutralize malicious scripts. Until an official patch is released, deploying web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'color' parameter can reduce risk. User education on phishing and suspicious links is critical to prevent exploitation via social engineering. Implement Content Security Policy (CSP) headers to restrict script execution sources and reduce the impact of XSS attacks. Regularly monitor logs for unusual requests to the vulnerable endpoint and conduct security assessments to identify similar vulnerabilities. Coordinate with the software vendor for timely patch deployment once available. Additionally, consider isolating Openatlas instances within segmented network zones to limit exposure.
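As an added illustration of the validation, output-encoding and CSP recommendations above (example code, not Openatlas's own handler; the handler shape and the constructed sample value are assumptions), the vulnerable reflection of a 'color' parameter beside its hardened form, plus a small helper for flagging unusual 'color' values during log review:

```python
import html
import re
from typing import Dict, Tuple

# Constructed sample request value: markup instead of a colour. Illustrative
# only, not a payload taken from the advisory.
SAMPLE_COLOR = '#ff0000"><script>alert(1)</script>'

# Allow-list: the only shape a colour value should take here is a CSS hex
# colour such as #fff or #ff0000.
HEX_COLOR = re.compile(r"#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})")
DEFAULT_COLOR = "#000000"


def render_network_vulnerable(color: str) -> str:
    """The 'before' shape (assumed, not Openatlas's code): the parameter is
    reflected into the page unchanged, so any markup in it becomes part of the
    HTML. This is the CWE-79 pattern the advisory describes."""
    return f'<div class="network" style="color: {color}">network</div>'


def sanitize_color(color: str) -> str:
    """Validate against the allow-list; anything else falls back to a default."""
    return color if HEX_COLOR.fullmatch(color) else DEFAULT_COLOR


def render_network_hardened(color: str) -> Tuple[str, Dict[str, str]]:
    """The fixed shape: allow-list validation, output encoding and a CSP header.
    Returns the HTML body and the response headers the handler would set."""
    safe = sanitize_color(color)
    # Encode even after validation (defence in depth): if the allow-list is
    # ever loosened, the browser still never sees raw markup from the request.
    body = f'<div class="network" style="color: {html.escape(safe, quote=True)}">network</div>'
    headers = {
        # No 'unsafe-inline': a reflected <script> block would not run even if
        # encoding were somehow bypassed.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }
    return body, headers


def is_suspicious_color(query_value: str) -> bool:
    """Log-review helper: a 'color' value that is not a plain hex colour is
    worth a closer look when monitoring requests to the endpoint."""
    return HEX_COLOR.fullmatch(query_value) is None
```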
Affected Countries
Austria, Germany, Italy, United Kingdom, France, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69248078d5a1e53350b077a3
Added to database: 11/24/2025, 3:57:44 PM
Last enriched: 12/1/2025, 4:46:42 PM
Last updated: 1/8/2026, 8:12:13 PM
Views: 69