CVE-2025-13796 | deco-cx apps up to 0.120.1 Parameter analyticsScript.ts AnalyticsScript url server-side request forgery (ID 1360)

A vulnerability was found in deco-cx apps up to 0.120.1 and classified as critical. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery.

This vulnerability is documented as CVE-2025-13796. The attack can be executed remotely. Additionally, an exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More