Home > Vulnerability Database > CVE-2025-30345

Mend.io Vulnerability Database

CVE-2025-30345

Good to know:

Date: March 20, 2025

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when deleting chats or deleting messages in these chats. This potentially allows attackers to interfere with the layout of the rendered website, but it is unlikely that victims would click on deleted chats or deleted messages.

Severity Score

3.5

Related Resources (3)

Url: https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30345

Url: https://www.mend.io/vulnerability-database/CVE-2025-30345

Severity Score

3.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Encoding or Escaping of Output

CWE-116

Top Fix

Upgrade Version

Upgrade to version https://github.com/OpenSlides/openslides-client.git - 4.2.5

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30345

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?