Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging
LUNA version v7.5.5.6.
INCIBE has coordinated the publication of one medium-severity vulnerability affecting LUNA, software from Luna Imaging, Inc. for managing digital assets in museums, libraries, archives, cultural institutions, and special collections. The vulnerability was discovered by Miguel Segovia Gil.
This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:
- CVE-2025-41065: CVSS v4.0: 5.1 | CVSS: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
No solution has been reported at this time.
CVE-2025-41065: Stored Cross-Site Scripting (XSS) vulnerability in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the 'Edit Batch Name' function. The payload is stored by the application and subsequently displayed without proper sanitization when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
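Since no fix has been reported, the sketch below shows two defensive measures for a stored batch name: encoding it at output, and auditing names already stored for markup that would become active if rendered unencoded. This is an added example, not code from LUNA or from the advisory; the record fields (`id`, `owner`, `name`), the function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example. Record fields and sample data are assumptions, not LUNA's schema.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render a batch row with the stored name treated strictly as text,
// both as element content and inside a quoted attribute.
function renderBatchRow(batch) {
  const name = escapeHtml(batch.name);
  return `<td class="batch-name" title="${name}">${name}</td>`;
}

// Triage heuristics: a stored name matching one of these would be parsed as
// markup if written to the page unencoded. A match calls for review of the record.
const MARKUP_PATTERNS = [
  { reason: 'html-tag', re: /<\s*\/?\s*[a-z!]/i },
  { reason: 'event-handler', re: /\bon[a-z]+\s*=/i },
];

// Return the records whose name matches at least one pattern, with the reasons.
function auditBatchNames(batches) {
  return batches
    .map((b) => ({
      id: b.id,
      owner: b.owner,
      reasons: MARKUP_PATTERNS.filter((p) => p.re.test(b.name)).map((p) => p.reason),
    }))
    .filter((r) => r.reasons.length > 0);
}

// Constructed sample records (not taken from a real installation).
const SAMPLE_BATCHES = [
  { id: 101, owner: 'curator1', name: 'Maps & Atlases 1850-1900' },
  { id: 102, owner: 'intern7', name: '<script>alert(1)</script>' },
  { id: 103, owner: 'intern7', name: 'x" onmouseover="alert(1)' },
  { id: 104, owner: 'curator2', name: "O'Keeffe loans" },
];

console.log(auditBatchNames(SAMPLE_BATCHES));
console.log(renderBatchRow(SAMPLE_BATCHES[1]));
```

The audit is a heuristic for finding records to review; the encoding step is what keeps a stored name from being interpreted as markup, and it has to match the context the value is written into.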