Cross-Site Scripting Vulnerability in Sirv CDN and Image Hosting
CVE-2025-46233
5.4MEDIUM
What is CVE-2025-46233?
A serious Cross-Site Scripting (XSS) vulnerability exists in Sirv CDN and Image Hosting, allowing for the storage of malicious scripts that can be executed in users' browsers. This vulnerability impacts versions from n/a to 7.5.3, posing potential risks to security and user data integrity if not properly addressed. It's essential for users of Sirv to implement necessary updates and follow best practices to mitigate any exploits associated with this vulnerability.
Affected Version(s)
Sirv <= 7.5.3
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)