Cross-Site Scripting Vulnerability in Astun Technology iShare Maps 5.4.0
CVE-2025-5378

5.3MEDIUM

Key Information:

Vendor

Astun Technology

Status
Ishare Maps
Vendor
CVE Published:
31 May 2025

What is CVE-2025-5378?

A cross-site scripting vulnerability has been identified in Astun Technology's iShare Maps version 5.4.0, specifically within the mycouncil2.aspx file. This vulnerability allows an attacker to manipulate the atTxtStreet argument, enabling the execution of arbitrary JavaScript code in the user's browser. The attack can be executed remotely, posing significant risks to users who interact with the affected application. Despite early notifications to the vendor regarding this security issue, there has been no response, leaving the exposure to potential exploitation.

Affected Version(s)

iShare Maps 5.4.0

References

https://vuldb.com/?id.310671
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310671
signaturepermissions-required
https://vuldb.com/?submit.582841
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alexandre Rodrigo (VulDB User)
.
CVE-2025-5378 : Cross-Site Scripting Vulnerability in Astun Technology iShare Maps 5.4.0