{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:33:15.609","vulnerabilities":[{"cve":{"id":"CVE-2025-30342","sourceIdentifier":"cve@mitre.org","published":"2025-03-21T06:15:26.510","lastModified":"2025-03-27T13:35:33.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly encoded when reflected; however, adding attributes to links is possible, which allows the injection of JavaScript via the onmouseover attribute and others. When a user moves the mouse over such a prepared link, JavaScript is executed in that user's session."},{"lang":"es","value":"Se detectó un problema de XSS en OpenSlides antes de la versión 4.2.5. Al enviar descripciones como Notas del moderador o Temas de la agenda, se muestra un editor que permite formatear el texto enviado. Esto permite insertar varios elementos HTML. Al insertar un elemento SCRIPT, este se codifica correctamente al reflejarse; sin embargo, es posible añadir atributos a los enlaces, lo que permite la inyección de JavaScript mediante el atributo onmouseover y otros. Cuando un usuario pasa el ratón sobre un enlace preparado, se ejecuta JavaScript en su sesión."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.5","matchCriteriaId":"A9F2C3CC-918A-4329-A59D-DEFECC0489A1"}]}]}],"references":[{"url":"https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}