Vulnerabilities

CVE-2025-40730

by Fred · 28/07/2025

HTML injection in Vox Media’s Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the ‘q’ parameter in ‘/search’. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-vox-medias-chorus-cms

Similar

Tags: Cybersecurity Alert