CVE-2025-40730 Information

Description

HTML injection in Vox Media’s Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the ‘q’ parameter in ‘/search’. This vulnerability can be exploited to steal sensitive user data such as session cookies or to perform actions on behalf of the user.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-vox-medias-chorus-cms

Related CNNVD

CNNVD-202507-3500 (Published: 2025-07-28)