CVE-2025-13058

Summary

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue.

Affected Software

VendorProductVersion RangeStatus
soerennbeXtplorer2.1.0affected
soerennbeXtplorer2.1.1affected
soerennbeXtplorer2.1.2affected
soerennbeXtplorer2.1.3affected
soerennbeXtplorer2.1.4affected
soerennbeXtplorer2.1.5affected
soerennbeXtplorer2.1.6affected
soerennbeXtplorer2.1.7affected
soerennbeXtplorer2.1.8affected
soerennbeXtplorer2.1.9affected
soerennbeXtplorer2.1.10affected
soerennbeXtplorer2.1.11affected
soerennbeXtplorer2.1.12affected
soerennbeXtplorer2.1.13affected
soerennbeXtplorer2.1.14affected
soerennbeXtplorer2.1.15affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References