CVE-2025-5990 Information

Description

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote authenticated attacker to perform stored XSS via malicious form input.

Reference

https://gitlab.com/crafty-controller/crafty-4/-/issues/567

Related CNNVD

CNNVD-202506-1841 (Published: 2025-06-15)