CVE-2025-59948 | FreshRSS up to 1.26.x Allow API api/query.php history.replaceState cross site scripting (GHSA-rwhf-vjjx-gmm9)

A vulnerability classified as problematic was found in FreshRSS up to 1.26.x. Affected by this vulnerability is the function history.replaceState of the file api/query.php of the component Allow API. Executing manipulation can lead to cross site scripting.

This vulnerability is handled as CVE-2025-59948. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More