Cross Site Scripting Vulnerability in Luna Imaging by Luna Imaging, Inc.
CVE-2025-6268

5.3MEDIUM

Key Information:

Vendor

Luna

Status
Imaging
Vendor
CVE Published:
19 June 2025

What is CVE-2025-6268?

A cross site scripting vulnerability has been identified in Luna Imaging, affecting versions up to 7.5.5.6. The issue arises from an unknown function in the file /luna/servlet/view/search, where improper handling of the query parameter 'q' allows attackers to execute malicious scripts in the context of users' sessions. This vulnerability can be exploited remotely, posing a significant threat to web application security. The vulnerability was disclosed publicly, yet the vendor has not responded to early notifications regarding the issue. Organizations using affected versions should take immediate action to secure their systems.

Affected Version(s)

Imaging 7.5.5.0

Imaging 7.5.5.1

Imaging 7.5.5.2

References

https://vuldb.com/?id.313272
vdb-entrytechnical-description
https://vuldb.com/?ctiid.313272
signaturepermissions-required
https://vuldb.com/?submit.592218
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

chor4o (VulDB User)
.
CVE-2025-6268 : Cross Site Scripting Vulnerability in Luna Imaging by Luna Imaging, Inc.