CVE ID : CVE-2025-49590
Published : June 18, 2025, 11:15 p.m. | 2 hours, 47 minutes ago
Description : CryptPad is a collaboration suite. Prior to version 2025.3.0, the “Link Bouncer” functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an “early allow” code path that happens before the URI’s protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More