PT-2025-13592 · Onenav · Onenav

Published

2025-03-28

Updated

2025-03-29

CVE-2025-28097

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions OneNav version 1.1.0

Description The issue is related to Cross Site Scripting (XSS) in custom headers. This means that an attacker could potentially inject malicious scripts into the headers of the OneNav application, which could then be executed by the user's browser.

Recommendations For OneNav version 1.1.0, update to a version that fixes the Cross Site Scripting (XSS) issue in custom headers, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of custom headers to minimize the risk of exploitation.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-28097

Affected Products

Onenav

PT-2025-13592 · Onenav · Onenav

CVE-2025-28097

Weakness Enumeration

Related Identifiers

Affected Products

References · 7