CVE-2025-1888

medium

Description

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.

References

https://blog.blacklanternsecurity.com/p/cve-2025-1888reflected-xss-in-aperio

Details

Source: Mitre, NVD

Published: 2025-03-14

Updated: 2025-03-14

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N