Cross-Site Scripting Vulnerability in Coolify by Coollabs
CVE-2025-24025
1.3LOW
Summary
Coolify, an open-source server management tool, has a vulnerability in its tags page that can lead to Cross-Site Scripting. Specifically, when a user conducts a search for tags that yield no results, the unfiltered query appears in an error modal. This flaw allows for the injection of malicious scripts, which can compromise user security. The issue has been addressed in version 4.0.0-beta.380, providing necessary mitigation for users.
Affected Version(s)
coolify < 4.0.0-beta.361
References
CVSS V4
Score:
1.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved