{"id":"CVE-2020-25449","details":"Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.","aliases":["GHSA-8q2h-4mq6-396j","PYSEC-2020-226"],"modified":"2025-11-20T11:21:45.395067Z","published":"2020-12-04T20:15:12.920Z","references":[{"type":"EVIDENCE","url":"https://itsmeanonartist.tech/blogs/blog2.html"},{"type":"EVIDENCE","url":"https://packetstormsecurity.com/files/159070/Cabot-0.11.12-Cross-Site-Scripting.html"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/48791"},{"type":"EVIDENCE","url":"https://www.exploitalert.com/view-details.html?id=36106"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/arachnys/cabot","events":[{"introduced":"0"},{"last_affected":"20fada0aff8a14657bc08d68c5225ace25dee45f"}]}],"versions":["0.10.0","0.10.0b5","0.10.0b6","0.10.0b7","0.10.1","0.10.2","0.10.2b1","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.10.8","0.11.0","0.11.1","0.11.10","0.11.11","0.11.12","0.11.2","0.11.3","0.11.4","0.11.5","0.11.6","0.11.6b1","0.11.6b2","0.11.6b3","0.11.7","0.6.0","0.7.0","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.9.0","0.9.1","0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25449.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}