Reflected XSS on Tag Search

Moderate
andrasbacsai published GHSA-f2gf-jvmh-vq73 Jan 24, 2025

Package

coolify (coollabsio)

Affected versions

< v4.0.0-beta.361

Patched versions

v4.0.0-beta.361

Description

The tags page allows users to search for tags. If the search returns no results, the query is reflected in the error modal, which leads to reflected XSS.
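An added example (not Coolify's code, which this advisory does not show) of the pattern described above: a "no results" message that reflects the search query, built once by plain concatenation and once with HTML output encoding. The function names, the `modal-error` class and the sample queries are hypothetical and constructed for illustration.

```javascript
// Added illustration: hypothetical names, not taken from the Coolify code base.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query is concatenated into markup as-is,
// so any tags in it become part of the modal's HTML.
function renderNotFoundUnsafe(query) {
  return `<div class="modal-error">Tag "${query}" not found.</div>`;
}

// Hardened pattern: the query is encoded before it reaches the markup,
// so it can only ever be displayed as text.
function renderNotFoundSafe(query) {
  return `<div class="modal-error">Tag "${escapeHtml(query)}" not found.</div>`;
}

// Regression check helper: list every tag in the output except the
// wrapper <div> that the template itself is allowed to emit.
function injectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.filter((t) => !/^<\/?div\b/i.test(t));
}

// Constructed sample queries: two benign, two carrying markup.
const SAMPLE_QUERIES = ["plain-tag", "a & b", "<b>bold</b>", '"><img src=x>'];

// Count how many unexpected tags each renderer lets through per query.
function auditQueries(queries = SAMPLE_QUERIES) {
  return queries.map((q) => ({
    query: q,
    unsafe: injectedTags(renderNotFoundUnsafe(q)).length,
    safe: injectedTags(renderNotFoundSafe(q)).length,
  }));
}

for (const row of auditQueries()) {
  console.log(JSON.stringify(row));
}
```

When the message is built in the browser DOM rather than as an HTML string, assigning the query through `textContent` achieves the same result without manual encoding.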

Severity

Moderate

CVE ID

CVE-2025-24025

Weaknesses

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Credits