Reflected Cross-Site Scripting Vulnerability in Anapi Group's h6web
CVE-2025-1271

6.1MEDIUM

Key Information:

Vendor: Anapi Group
Status: H6web
Vendor: CVE Published:; 13 February 2025

Summary

A reflected Cross-Site Scripting (XSS) vulnerability exists in Anapi Group's h6web, enabling attackers to craft malicious URLs that can execute harmful JavaScript in the browser of unsuspecting users. This flaw can lead to the compromise of sensitive information, unauthorized actions on behalf of users, or even identity theft. When users click on the tainted link, their browsers unwittingly execute the injected scripts, posing a significant risk to both individual users and organizations relying on this web application.

Affected Version(s)

H6Web all versions

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 13, 2025

Credit

Bertrand Lorente Yáñez