CVE-2025-43717

Summary

In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.

Affected Software

VendorProductVersion RangeStatus
avbHTTP_Request20 < 2.7.0affected

Weaknesses

  • CWE-531: CWE-531 Inclusion of Sensitive Information in Test Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References