XSS in Circl Vulnerability-lookup

CVE-2025-42620

In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (15.8th percentile)

Affected products

Weakness classification (CWE)

References