CVE-2025-1271

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 13, 2025

CWE ID 79

Summary

CVE-2025-1271 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting Anapi Group's h6web. Malicious actors can exploit this flaw by injecting malicious JavaScript code into a URL. When an unsuspecting user clicks on the malicious link, their browser executes the injected code, potentially leading to the theft of sensitive information, identity theft, or unauthorized actions on behalf of the user. This vulnerability poses a significant risk and requires immediate attention and mitigation efforts from Anapi Group and its users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3U9Wfi
https://www.cve.org/CVERecord?id=CVE-2025-1271
https://nvd.nist.gov/vuln/detail/CVE-2025-1271

Back to Vulnerability Database

CVE-2025-1271

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations