CVE-2025-31165 MEDIUM

CVE-2025-31165: Cross Site Scripting in NightWolf Penetration Platform

Vendor Fpt Software

Product NightWolf Penetration Platform

Weakness CWE-79 · XSS

Published March 27, 2025

Last update March 28, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N

What the vulnerability does

01Description

Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature.

Key dates

02Disclosure timeline

March 27, 2025 CVE published

March 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31165

Related vulnerabilities

04Related CVE

CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-10876 XSS in Talent Software's e-Bap CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI CVE-2023-46093 WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) CVE-2024-54347 WordPress FloristPress plugin <= 7.2.0 - Reflected Cross Site Scripting (XSS) vulnerability