What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terminalafrica Terminal Africa terminal-africa allows Reflected XSS.This issue affects Terminal Africa: from n/a through <= 1.13.24.
Explanation of Vulnerability in Simple Terms
02Summary
Terminal Africa versions up to 1.13.24 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. An attacker can craft a malicious link that, when clicked by a site visitor, executes arbitrary JavaScript in the victim's browser. This can lead to session hijacking, credential theft, or defacement. The vulnerability affects all users who click a crafted link.
What an attacker can do
03Attacker Capabilities
Inject and execute malicious JavaScript in a visitor's browser to steal session cookies, credentials, or deface the site.
Potential impact on your site
04Site Impact
Visitors clicking attacker-controlled links may have their sessions hijacked or credentials stolen; site reputation and user trust at risk.
Conditions required to exploit
05Prerequisites
An attacker must trick a site visitor into clicking a malicious link (no authentication required).
Key dates
06Disclosure timeline
April 17, 2025
CVE published
April 28, 2026
Record updated