CVE-2025-49590 | CryptPad 1.1.1/3.0.0 Link Bouncer incomplete denylist to cross-site scripting (GHSA-vq9h-x3gr-v8rj)

A vulnerability, which was classified as problematic, was found in CryptPad 1.1.1/3.0.0. Affected is an unknown function of the component Link Bouncer. The manipulation leads to incomplete denylist to cross-site scripting.

This vulnerability is traded as CVE-2025-49590. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More