Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by WhatCD
CVE-2025-10340 (GCVE-0-2025-10340)
Vulnerability from nvd – Published: 2025-09-13 02:32 – Updated: 2025-09-15 15:49
VLAI
Title
WhatCD Gazelle Commit Message change_log.php cross site scripting
Summary
A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323759 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323759 | signaturepermissions-required |
| https://vuldb.com/?submit.643534 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md | related |
| https://github.com/YZS17/CVE/blob/main/Gazelle/xs… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10340",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:48:57.508408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:49:02.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Commit Message Handler"
],
"product": "Gazelle",
"vendor": "WhatCD",
"versions": [
{
"status": "affected",
"version": "63b337026d49b5cf63ce4be20fdabdc880112fa3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU-17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed."
},
{
"lang": "de",
"value": "In WhatCD Gazelle bis 63b337026d49b5cf63ce4be20fdabdc880112fa3 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /sections/tools/managers/change_log.php der Komponente Commit Message Handler. Durch das Beeinflussen des Arguments Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. F\u00fcr dieses Produkt wird ein Rolling-Release-Ansatz verwendet, wodurch eine st\u00e4ndige Bereitstellung erfolgt. Daher sind keine Versionsdetails zu betroffenen oder aktualisierten Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T02:32:05.307Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323759 | WhatCD Gazelle Commit Message change_log.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323759"
},
{
"name": "VDB-323759 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323759"
},
{
"name": "Submit #643534 | WhatCD Gazelle latest latest /commit 63b3370",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.643534"
},
{
"tags": [
"related"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-12T11:05:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "WhatCD Gazelle Commit Message change_log.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10340",
"datePublished": "2025-09-13T02:32:05.307Z",
"dateReserved": "2025-09-12T09:00:36.415Z",
"dateUpdated": "2025-09-15T15:49:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10340 (GCVE-0-2025-10340)
Vulnerability from cvelistv5 – Published: 2025-09-13 02:32 – Updated: 2025-09-15 15:49
VLAI
Title
WhatCD Gazelle Commit Message change_log.php cross site scripting
Summary
A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323759 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323759 | signaturepermissions-required |
| https://vuldb.com/?submit.643534 | third-party-advisory |
| https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md | related |
| https://github.com/YZS17/CVE/blob/main/Gazelle/xs… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10340",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:48:57.508408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:49:02.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Commit Message Handler"
],
"product": "Gazelle",
"vendor": "WhatCD",
"versions": [
{
"status": "affected",
"version": "63b337026d49b5cf63ce4be20fdabdc880112fa3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU-17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed."
},
{
"lang": "de",
"value": "In WhatCD Gazelle bis 63b337026d49b5cf63ce4be20fdabdc880112fa3 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /sections/tools/managers/change_log.php der Komponente Commit Message Handler. Durch das Beeinflussen des Arguments Message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. F\u00fcr dieses Produkt wird ein Rolling-Release-Ansatz verwendet, wodurch eine st\u00e4ndige Bereitstellung erfolgt. Daher sind keine Versionsdetails zu betroffenen oder aktualisierten Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T02:32:05.307Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323759 | WhatCD Gazelle Commit Message change_log.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323759"
},
{
"name": "VDB-323759 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323759"
},
{
"name": "Submit #643534 | WhatCD Gazelle latest latest /commit 63b3370",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.643534"
},
{
"tags": [
"related"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Gazelle/xss1.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-12T11:05:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "WhatCD Gazelle Commit Message change_log.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10340",
"datePublished": "2025-09-13T02:32:05.307Z",
"dateReserved": "2025-09-12T09:00:36.415Z",
"dateUpdated": "2025-09-15T15:49:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}