PT-2025-35028 · Varnish +1 · Varnish +1

Nabil Irawan

·

Published

2025-08-28

·

Updated

2025-08-28

·

CVE-2025-48360

Report an issue
CVSS v3.1
5.9
VectorAV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

Razvan Stanga Varnish/Nginx Proxy Caching versions through 1.8.3

Description:

The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS).

Recommendations:

Update to a version later than 1.8.3.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-48360

Affected Products

Nginx
Varnish