Home

Description

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page

PUBLISHED Reserved 2025-09-30 | Published 2025-10-13 | Updated 2025-10-14 | Assigner NCSC.ch




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/RE:L

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status
unaffected

Any version
affected

2025.09.30
unaffected

Credits

Swiss National Test Institute for Cybersecurity NTC finder

Swiss National Cybersecurity Centre coordinator

Sandro Mani remediation developer

References

hub.ntc.swiss/ntcf-2025-7724 technical-description

cve.org (CVE-2025-11184)

nvd.nist.gov (CVE-2025-11184)

Download JSON