CVE-2025-15562

Name of the Vulnerable Software and Affected Versions versions prior to 2025 (affected versions not specified)

Description The server API endpoint /report/internet/urls reflects received data into the HTML response without proper encoding or filtering. This can allow an attacker to execute arbitrary JavaScript in a victim’s browser if the victim opens a URL prepared by the attacker. The vulnerable parameter is the URL provided to the /report/internet/urls API endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.