CVE-2025-24025

LOW Year: 2025
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-116
View all →

Vulnerability Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue.

Related Vulnerabilities

CVE-2017-18892

MEDIUM
CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

CWE-1162017

CVE-2021-21684

MEDIUM
CVSS:6.1(Medium)

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scriptin...

CWE-1162021

CVE-2021-34630

MEDIUM
CVSS:6.1(Medium)

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this us...

CWE-1162021

CVE-2021-41132

MEDIUM
CVSS:6.1(Medium)

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of saniti...

CWE-1162021

CVE-2021-43106

MEDIUM
CVSS:6.1(Medium)

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause t...

CWE-1162021

CVE-2022-0220

MEDIUM
CVSS:6.1(Medium)

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/...

CWE-1162022