CVE-2025-2361
PUBLISHED
CVSS 5.3 MEDIUM
A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
EPSS 0.22% · 44.7th percentile
Risk Scores
CVSS v4.0
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.22%
44.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mercurial | SCM | 4.5.3, 71.19.145.211 |
Timeline
- Mar 17, 2025 EPSS Score
- Mar 17, 2025 CVE Published
- Mar 17, 2025 PoC Published
- Mar 18, 2025 Coalition ESS Score
- Mar 21, 2025 Coalition ESS Score
- Mar 27, 2025 Coalition ESS Score
- Mar 27, 2025 CVE Updated
- Mar 30, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
- Apr 26, 2025 EPSS Score
- May 10, 2025 EPSS Score
- May 23, 2025 EPSS Score
References
- VDB-299860 | Mercurial SCM Web Interface cross site scripting (vdb)
- VDB-299860 | CTI Indicators (IOB, IOC, TTP, IOA) (url)
- Submit #514024 | Mercurial Mercurial SCM Web Interface 4.5.3 CRLF Injection leads to Cross-Site Scripting (third-party-advisory)
- http://www.openwall.com/lists/oss-security/2025/03/21/2 (url)
- https://lists.debian.org/debian-lts-announce/2025/03/msg00020.html (url)
- https://nvd.nist.gov/vuln/detail/CVE-2025-2361 (advisory)