XSS in Circl Vulnerability-lookup
CVE-2025-42620
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (15.8th percentile)
Affected products
- Circl Vulnerability-lookup — versions 0
Weakness classification (CWE)
References
- a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 (vendor-advisory)