MEDIUM🇵🇱 Wersja polska

CVE-2022-47968

CVSS 5.4v3.1pub. 2022-12-27upd. 2025-04-11

Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Linuxserver Heimdall Application Dashboard

    APP
    Linuxserver
    ≤ 2.5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-54597HIGH7.2ten sam produkt

LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

CVE-2025-50578CRITICAL9.8PL ✓ten sam vendor

Host Header Injection i Open Redirect w LinuxServer Docker-Heimdall