Cross Site Scripting Vulnerability in Koillection by Benjamin Jonard
CVE-2025-29746

6.1MEDIUM

Key Information:

Vendor

Benjamin Jonard

Status
Koillection
Vendor
CVE Published:
7 May 2025

What is CVE-2025-29746?

A Cross Site Scripting vulnerability exists in Koillection version 1.6.10, allowing remote attackers to exploit the collection, Wishlist, and album components. This vulnerability could enable an attacker to execute malicious scripts, potentially allowing them to escalate privileges and compromise user data. Users of Koillection should immediately assess their installations and apply necessary security measures.

References

https://github.com/benjaminjonard/koillection/issues/1329
https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5d...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.