CVE-2025-31165

Summary

Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature.

Affected Software

VendorProductVersion RangeStatus
FPT SoftwareNightWolf Penetration Platform1.2.2affected
FPT SoftwareNightWolf Penetration Platform1.2.3unaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References