{"id":"CVE-2025-11183","summary":"Cross-Site Scripting Vulnerability in QWC2","details":"Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 \u003c2025.08.14\nallows an authorized attacker to plant arbitrary JavaScript code in the page","aliases":["GHSA-gxp8-m5rq-3m38"],"modified":"2026-07-08T08:10:21.016918505Z","published":"2025-10-13T09:17:52.854Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11183.json","cwe_ids":["CWE-79"],"cna_assigner":"NCSC.ch"},"references":[{"type":"WEB","url":"https://github.com"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11183.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11183"},{"type":"PACKAGE","url":"https://github.com/qgis/qwc2"},{"type":"ARTICLE","url":"https://hub.ntc.swiss/ntcf-2025-4286"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qgis/qwc2","events":[{"introduced":"0"},{"fixed":"e180e0cf3ae1a71e91383d525899c368a26bdf65"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2025.08.14"}],"source":"AFFECTED_FIELD"}}],"versions":["v2025.08.07","v2025.08.06","v2025.07.29","v2025.07.23","v2025.07.22","v2025.07.20","v2025.07.13","v2025.07.10","v2025.07.06","v2025.07.03","v2025.07.02","v2025.07.01","v2025.06.27","v2025.06.13","v2025.06.10","v2025.06.04","v2025.06.03","v2025.05.27","v2025.05.26","v2025.05.23","v2025.05.21","v2025.05.16","v2025.05.15","v2025.05.12","v2025.05.07.1","v2025.05.07","v2025.04.30","v2025.04.22","v2025.04.14","v2025.04.10","v2025.04.09","v2025.04.04","v2025.04.03","v2025.04.02.1","v2025.04.02","v2025.04.01","v2025.03.31","v2025.03.27","v2025.03.26","v2025.03.13","v2025.03.12","v2025.03.06"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11183.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/RE:L"}]}