PT-2025-17804 · Unknown · Navegg Analytics

Johska

Published

2025-04-24

Updated

2025-04-26

CVE-2025-46497

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Navegg Analytics versions n/a through 3.3.3

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Navegg Analytics.

Recommendations For versions n/a through 3.3.3, update to a version that contains a fix for this issue, as the current version is affected by the CSRF vulnerability that enables Stored XSS.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-46497

Affected Products

Navegg Analytics

PT-2025-17804 · Unknown · Navegg Analytics

CVE-2025-46497

Weakness Enumeration

Related Identifiers

Affected Products

References · 6