{"id":"CVE-2025-5990","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller","details":"An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.","modified":"2026-04-02T12:57:34.555661Z","published":"2025-06-15T18:01:09.667Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/5xxx/CVE-2025-5990.json","cwe_ids":["CWE-79"],"cna_assigner":"GitLab"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/5xxx/CVE-2025-5990.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5990"},{"type":"REPORT","url":"https://gitlab.com/crafty-controller/crafty-4/-/issues/567"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/crafty-controller/crafty-4","events":[{"introduced":"3fd7638082c10c3f3356a3d681f6d2342998b499"},{"last_affected":"ddee3eaea783f728c23785889ed77d6f678aa6ec"}],"database_specific":{"versions":[{"introduced":"4.2.2"},{"last_affected":"4.2.3"}]}},{"type":"GIT","repo":"https://gitlab.com/crafty-controller/crafty-4","events":[{"introduced":"0a296a0095d1bedd779fffae95ad4d198f28004f"},{"last_affected":"6652541876b9ab8f14e0fbaf5fe3b7bb624546d2"}],"database_specific":{"versions":[{"introduced":"4.3.0"},{"last_affected":"4.3.2"}]}},{"type":"GIT","repo":"https://gitlab.com/crafty-controller/crafty-4","events":[{"introduced":"e4f96f91180017b46cd0e0c00e119d81845848ec"},{"fixed":"0d37806af83c09a47c4b2b755a17860c644d637b"}],"database_specific":{"versions":[{"introduced":"4.4.0"},{"fixed":"4.4.10"}]}}],"versions":["v4.2.2","v4.2.3","v4.3.0","v4.3.1","v4.3.2","v4.4.0","v4.4.1","v4.4.2","v4.4.3","v4.4.4","v4.4.5","v4.4.6","v4.4.7","v4.4.8","v4.4.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5990.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"}]}