PT-2025-40985 · Unknown · Biobanking/Biomolecular Resources Negotiator
Published: 2025-10-07 · Updated: 2025-10-07
CVE-2025-40649
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Biobanking and Biomolecular Resources Negotiator version 3.15.2
Description
A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can exploit this by sending a POST request with a crafted payload through the 'text' parameter in the '/api/v3/negotiations//posts' API endpoint. Successful exploitation could allow an attacker to steal the session cookie details of an authenticated user.
Recommendations
Update Biobanking and Biomolecular Resources Negotiator to a version that addresses this issue.
Fix
XSS
Affected Products
Biobanking/Biomolecular Resources Negotiator