CVE-2025-48076
04.11.2025, 21:15
Galette is a membership management web application for non-profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
| Vendor | Product | Version |
|---|---|---|
| galette | galette | 𝑥 < 1.2.0 |
| galette | galette | 1.2.0:alpha |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-87 - Improper Neutralization of Alternate XSS Syntax: The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.