Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG_CVE-2025-11146

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.

Basic Information

ID CVE-2025-11146

Source INCIBE

Published Sep 29, 2025 at 09:26

Affected Product

Vendor Apt-Cacher-NG

Product Apt-Cacher-NG

Version 3.2.1

Affected Versions Apt-Cacher-NG Apt-Cacher-NG 3.2.1

CWE Classification

CWE-79

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-apt-cacher-ng

{
    "lastseen": "",
    "description": "Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in \u201c/acng-report.html\u201d.",
    "published": "2025-09-29T09:26:35.157Z",
    "modified": "2025-09-29T09:26:35.157Z",
    "type": "cve",
    "title": "Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apt-cacher-ng",
    "id": "CVE-2025-11146",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Apt-Cacher-NG Apt-Cacher-NG 3.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apt-Cacher-NG",
    "version": "3.2.1",
    "vendor": "Apt-Cacher-NG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}