Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
EUVD-2025-25181 | moonshine Stored Cross-Site Scripting Vulnerability in Create Admin |
![]() |
GHSA-rh9f-gr6q-mpc4 | moonshine Stored Cross-Site Scripting Vulnerability in Create Admin |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 21 Aug 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Moonshine
Moonshine moonshine |
|
CPEs | cpe:2.3:a:moonshine:moonshine:*:*:*:*:*:*:*:* | |
Vendors & Products |
Moonshine
Moonshine moonshine |
Wed, 20 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin. |
Tue, 19 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 19 Aug 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-20T19:00:39.734Z
Reserved: 2025-06-16T00:00:00.000Z
Link: CVE-2025-51488

Updated: 2025-08-19T18:27:25.789Z

Status : Analyzed
Published: 2025-08-19T15:15:28.607
Modified: 2025-08-21T14:30:16.077
Link: CVE-2025-51488

No data.

No data.