XSS in Qgis Qwc2
CVE-2025-11183
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 <2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (31.9th percentile) — read the EPSS interpretation.
Affected products
- Qgis Qwc2 — versions 0, 2025.08.14
Weakness classification (CWE)
References
- vulnerability@ncsc.ch (technical-description)