PT-2025-47928 · Austrian Archaeological Institute · Openatlas

Published: 2025-11-24 · Updated: 2025-11-28 · CVE-2025-60914

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Austrian Archaeological Institute Openatlas versions prior to 8.12.0

Description

A flaw exists in access control within Austrian Archaeological Institute Openatlas. This allows attackers to gain access to sensitive information by sending a specially crafted GET request to the /display logo endpoint. The request is crafted to bypass security checks.

Recommendations

Update to version 8.12.0 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-60914

Affected Products

Openatlas