CVE-2025-9422

Summary

A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
oitcodesamarium0.9.0affected
oitcodesamarium0.9.1affected
oitcodesamarium0.9.2affected
oitcodesamarium0.9.3affected
oitcodesamarium0.9.4affected
oitcodesamarium0.9.5affected
oitcodesamarium0.9.6affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References