CVE-2025-29049

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions arnog MathLive versions 0.103.0 and earlier

Description The issue allows an attacker to execute arbitrary code via the MathLive function. This is a Cross Site Scripting vulnerability.

Recommendations For versions 0.103.0 and earlier, update to version 0.104.0 to resolve the issue. As a temporary workaround, consider disabling the MathLive function until the update is applied.

Exploit

Fix

Improper Encoding or Escaping of Output

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-79

Related Identifiers

BDU:2025-03789

CVE-2025-29049

GHSA-929M-PHJG-QWCC

GHSA-QWJ6-Q94F-8425

Affected Products

Mathlive

CVE-2025-29049

Weakness Enumeration

Related Identifiers

Affected Products

References · 10