{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T08:31:10.291","vulnerabilities":[{"cve":{"id":"CVE-2025-1271","sourceIdentifier":"cve-coordination@incibe.es","published":"2025-02-13T13:15:09.433","lastModified":"2026-01-29T19:10:56.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user."},{"lang":"es","value":"Cross-Site Scripting (XSS) Reflejado en h6web de Anapi Group. Esta falla de seguridad podría permitir a un atacante inyectar código JavaScript malicioso en una URL. Cuando un usuario accede a esa URL, el código inyectado se ejecuta en su navegador, lo que puede provocar el robo de información confidencial, robo de identidad o la ejecución de acciones no autorizadas por parte del usuario afectado."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anapi:h6web:-:*:*:*:*:*:*:*","matchCriteriaId":"50A1F49F-CA64-4AA2-BC41-C7F097F37BA2"}]}]}],"references":[{"url":"https:\/\/www.incibe.es\/en\/incibe-cert\/notices\/aviso\/multiple-vulnerabilities-anapi-group-h6web","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]}]}}]}