{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T19:10:23.841","vulnerabilities":[{"cve":{"id":"CVE-2025-53528","sourceIdentifier":"security-advisories@github.com","published":"2025-07-21T21:15:25.883","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the \"/docs\" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably allow an attacker to execute JavaScript code on a user's session for any application based on Cadwyn via a one-click attack. The vulnerability has been fixed in version 5.4.3."},{"lang":"es","value":"Cadwyn crea un control de versiones de API moderno, similar a Stripe, basado en la comunidad y listo para producción en FastAPI. En las versiones 5.4.3 y anteriores, el parámetro de versión del endpoint \"/docs\" es vulnerable a un ataque XSS reflejado (Cross-Site Scripting). Este XSS permitiría a un atacante ejecutar código JavaScript en la sesión de un usuario para cualquier aplicación basada en Cadwyn mediante un ataque de un solo clic. La vulnerabilidad se ha corregido en la versión 5.4.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/zmievsa/cadwyn/commit/b424ecd57cd8dabbc8fe39b8f8ccafea629c7728","source":"security-advisories@github.com"},{"url":"https://github.com/zmievsa/cadwyn/security/advisories/GHSA-2gxp-6r36-m97r","source":"security-advisories@github.com"}]}}]}