CVE-2025-12453 - OpenText Vertica 

Vulnerability Description: Reflected Cross-Site Scripting - CWE-79

Software Version: 10.0.1 

NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-12453

CVSS

Severity: 

Credits: Marco Nappi, Mariano Forte, Federico Draghelli, Massimiliano Brolli

Reflected Cross-Site Scripting: an attacker can run arbitrary JavaScript code in a victim's browser by exploiting unsanitized input that the application reflects into its response.

Step-by-step instructions and PoC

  1. Log in to the web application.
  2. Visit the affected URL with the payload below placed in one of the affected parameters (for example dashId).

Affected Endpoints

  • URL: https://:/webui/databases/1/perf?dashId=10
  • HTTP Parameters: dashId, dashZoom, queryMonTab, fromTime, toTime, queryMonInterval, selectQueryMonTab, expectedCompleted, expectedFailed, subclusterName, columnFilter, startTime

Below is the evidence, with the vulnerability details and the payload used.

Payload used to exploit the vulnerability: </script><script>alert(document.cookie)</script>

Figure 1 - "dashId Parameter"


Security Impact

The injected script executes in the victim's browser in the context of their authenticated Vertica web UI session (the PoC requires the user to be logged in, and the payload reads document.cookie). An attacker who lures a logged-in user to a crafted link can therefore redirect the user to malicious websites, exfiltrate data accessible to that session, or further compromise the user's system.