{"id":"CVE-2025-45236","details":"A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter.","modified":"2026-04-10T05:27:42.689449Z","published":"2025-05-05T18:15:43.163Z","references":[{"type":"WEB","url":"http://dbsyncer.com"},{"type":"PACKAGE","url":"https://github.com/86dbs/dbsyncer"},{"type":"EVIDENCE","url":"https://gist.github.com/chao112122/504e224e63c9a966ba233df1d523ce4f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/86dbs/dbsyncer","events":[{"introduced":"0"},{"last_affected":"25d5f14c0803b40646348210ec459a98b3527a07"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.6"}]}}],"versions":["v1.0.0-Alpha","v1.0.1-Alpha","v1.0.2-Alpha","v1.0.3-Alpha","v1.0.5-Alpha","v1.0.6-Alpha","v1.0.7-Alpha","v1.0.8-Alpha","v1.0.9-Alpha","v1.1.0-Alpha","v1.1.1-Alpha","v1.1.2-Alpha","v1.1.3-Beta","v1.1.4-Beta","v1.1.5-Beta","v1.1.6-Beta","v1.1.7-Beta","v1.1.8-Beta","v1.1.9-Beta","v1.2.0-Beta","v1.2.1-RC","v1.2.2-RC","v1.2.3-RC","v1.2.4-RC","v1.2.5","v1.2.6","v1.2.7","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45236.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}