VulnerAlert



APPLICATION
19-12-2025 23:22

CVE-2025-14046 Documented vulnerability

No score
Tags
#exploit
#critical
#data
#server
#github
#git
#application
#vulnerability
#affected
#improper
#privilege
#malicious
#inject
#critic
#allow
#attack
#access
#unauthorized
#affect
Description
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by certain Project views, leading to unintended server-side POST requests or other unauthorized backend interactions. Successful exploitation requires that an attacker have access to the target instance and entice a privileged user to view crafted malicious content that includes the conflicting elements. This affected all versions prior to 3.18.3, 3.17.9, 3.16.12, 3.15.16, and 3.14.21.
https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.21
https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.16
https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.12
https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.9
https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.3

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-14046
Similar results
Matching at least 50% of the tags
19-12-2025 CVE-2025-65657
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Managemen...
19-12-2025 CVE-2025-10939
A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the ou...