Untriaged
CVE-2025-11687
6.1 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
gi-docgen: reflected DOM XSS in gi-docgen
A flaw was found in gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page, enabling DOM access, session cookie theft and other client-side attacks, via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).
References
- https://access.redhat.com/security/cve/CVE-2025-11687 x_refsource_REDHAT vdb-entry
- RHBZ#2403536 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228
Affected products
gi-docgen
- <2025.5
Package maintainers
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>