Cross-Site Scripting Issue in QGIS QWC2 Registration GUI
CVE-2025-11184

6.9MEDIUM

Key Information:

Vendor: Qwc-services
Status: Qwc-registration-gui
Vendor: CVE Published:; 13 October 2025

🔔 Create Qwc-services Vulnerability Alert

What is CVE-2025-11184?

A cross-site scripting vulnerability exists in the QGIS QWC2 Registration GUI, allowing authorized attackers to inject arbitrary JavaScript code. This could lead to unauthorized actions or data exposure, making it essential for users and administrators to implement security measures to mitigate potential threats.

Affected Version(s)

qwc-registration-gui 0

qwc-registration-gui 2025.09.30

References

https://hub.ntc.swiss/ntcf-2025-7724

technical-description

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Sep 30, 2025

Credit

Swiss National Test Institute for Cybersecurity NTC

Swiss National Cybersecurity Centre

Sandro Mani

JSON