CVE-2025-6248: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Lenovo Browser
Severity: highType: vulnerabilityCVE-2025-6248
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content.
CVE-2025-6248: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Lenovo Browser
High
Published: Thu Jul 17 2025 (07/17/2025, 19:19:52 UTC)
Source: CVE Database V5
Vendor/Project: Lenovo
Product: Browser
Description
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- lenovo
- Date Reserved
- 2025-06-18T18:33:45.443Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68794f7fa83201eaace86400
Added to database: 7/17/2025, 7:31:11 PM
Last updated: 7/17/2025, 7:31:11 PM
Views: 1
Related Threats
CVE-2025-6249: CWE-602: Client-Side Enforcement of Server-Side Security in Lenovo FileZ Client
HighVulnerabilityThu Jul 17 2025
CVE-2025-6232: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Lenovo Vantage
HighVulnerabilityThu Jul 17 2025
CVE-2025-6231: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Lenovo Vantage
HighVulnerabilityThu Jul 17 2025
CVE-2025-6230: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Lenovo Vantage
MediumVulnerabilityThu Jul 17 2025
CVE-2025-4657: CWE-122: Heap-based Buffer Overflow in Lenovo PC Manager
HighVulnerabilityThu Jul 17 2025
Actions
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.