{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:18:18.944","vulnerabilities":[{"cve":{"id":"CVE-2025-1888","sourceIdentifier":"cves@blacklanternsecurity.com","published":"2025-03-14T17:15:50.807","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the \"memo\" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript."},{"lang":"es","value":"Leica Web Viewe de la aplicación Aperio Eslide Manager es vulnerable a ataques de cross-site scripting (XSS). Un usuario autenticado puede acceder a las diapositivas de un proyecto e inyectar JavaScript malicioso en el campo \"memo\". Al pasar el cursor sobre el campo \"memo\", se muestra una información sobre herramientas de Microsoft que permite al usuario ver rápidamente la nota asociada a la diapositiva y ejecutar el JavaScript."}],"metrics":{"cvssMetricV31":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}]},"weaknesses":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://blog.blacklanternsecurity.com/p/cve-2025-1888reflected-xss-in-aperio","source":"cves@blacklanternsecurity.com"}]}}]}