Home > Vulnerability Database > CVE-2025-63848

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2025-63848

Good to know:

Date: November 19, 2025

Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook.

Severity Score

6.1

Related Resources (4)

Url: https://github.com/coderMohammed1/CVE-2025-63848

Url: https://github.com/SWI-Prolog

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-63848

Url: https://www.mend.io/vulnerability-database/CVE-2025-63848

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us