CVE-2025-54316

{"id": "CVE-2025-54316", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.8}]}, "published": "2025-07-20T19:15:24.230", "references": [{"url": "https://servicedesk.logpoint.com/hc/en-us/articles/28685383084317-XSS-vulnerability-in-Report-Templates-using-built-in-Jinja-filter-functions", "source": "cve@mitre.org"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.6.0. Al crear informes, los atacantes pod\u00edan crear plantillas Jinja personalizadas que encadenaban funciones de filtro integradas para generar payloads XSS. El motor de plantillas de informes de Logpoint puede renderizar estas payloads, lo que las hace vulnerables a ataques de cross-site scripting (XSS)."}], "lastModified": "2025-07-30T16:15:28.390", "sourceIdentifier": "cve@mitre.org"}