CVE-2025-36558

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://packages.revolutionpi.de/pool/main/p/pictory/", "name": "http://packages.revolutionpi.de/pool/main/p/pictory/", "tags": [], "refsource": ""}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an sso_token, that script will reply to the user and be executed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-97"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-36558", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {}, "publishedDate": "2025-05-01T19:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-01T19:15Z"}