CVE-2025-2361 MEDIUM

CVE-2025-2361: Mercurial SCM Web Interface cross site scripting

Vendor Mercurial
Product SCM
Weakness CWE-79 · XSS
Published March 17, 2025
Last update March 27, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

March 17, 2025 CVE published
March 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-6345 SourceCodester My Food Recipe Add Recipe Page add-recipe.php addRecipeModal cross site scripting CVE-2020-37044 OpenCTI 3.3.1 - Cross Site Scripting CVE-2026-27376 WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package CVE-2025-23548 WordPress Responsivity plugin <= 0.0.6 - Reflected Cross Site Scripting (XSS) vulnerability