Stored Cross-Site Scripting Vulnerability in Konsola Proget by Konsola
CVE-2025-1420

2.4 LOW

Key Information:

Vendor: Proget

Status
Vendor
CVE Published: 21 May 2025

What is CVE-2025-1420?

A vulnerability in Konsola Proget allows a high-privileged user to carry out a Stored Cross-Site Scripting (XSS) attack because input to the 'activationMessage' field is not properly sanitized. If left unaddressed, this flaw can lead to unauthorized actions, data exposure, and further exploitation. The issue has been resolved in version 2.17.5 of Konsola Proget, which underlines the importance of regularly updating software to protect against such vulnerabilities.

Affected Version(s)

Proget 0 < 2.17.5

CVSS V4

Score: 2.4
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcin Węgłowski (AFINE)