Cross-Site Scripting Flaw in Vulnerability Lookup by Vulnerability Lookup

CVE-2025-60249

What is CVE-2025-60249?

A cross-site scripting vulnerability exists in Vulnerability Lookup version 2.16.0, allowing attackers to inject arbitrary JavaScript through untrusted user input in Bundles, Comments, and Sightings components. This flaw arises from inadequate sanitization and validation of user-supplied data, particularly concerning unsafe uses of innerHTML. Attackers can exploit this weakness by adding malicious content, which may compromise the application. The issue has been addressed by implementing stricter input validation, escaping untrusted data, and replacing insecure DOM methods.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References