Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0666

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: through 1.4.7.

Published

2025-05-07T08:15:14.910

Last Modified

2025-07-08T16:44:16.057

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	universityofcalifornia	boinc_server	≤ 1.4.7	Yes

References

https://www.compass-security.com/fileadmin/Research/Advisories/2025_01_CSNC-2025-002_BOINC_multiple_XSS.txt Exploit, Third Party Advisory ([email protected])
https://www.compass-security.com/fileadmin/Research/Advisories/2025_01_CSNC-2025-002_BOINC_multiple_XSS.txt Exploit, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)