PT-2025-3869 · Unknown · Longpi1 Warehouse
Lvzc4 · Published 2025-01-12 · Updated 2025-01-12 · CVE-2025-0398
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
longpi1 warehouse version 1.0
Description
A cross-site scripting issue has been found in the longpi1 warehouse software. The vulnerability affects an unknown functionality of the file /resources/..;/inport/updateInport of the Backend component. The manipulation of the remark argument leads to cross-site scripting. The attack can be launched remotely. A public exploit has been disclosed, increasing the risk of exploitation.
Recommendations
For longpi1 warehouse version 1.0, consider disabling the remark argument in the /resources/..;/inport/updateInport functionality of the Backend component as a temporary workaround until a patch is available. Restrict access to the vulnerable /resources/..;/inport/updateInport endpoint to minimize the risk of exploitation. Avoid using the remark argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Code Injection
Related Identifiers
Affected Products
Longpi1 Warehouse