{"id":7019,"date":"2025-06-19T12:07:58","date_gmt":"2025-06-19T12:07:58","guid":{"rendered":"http:\/\/localhost\/?p=7019"},"modified":"2025-06-19T12:07:58","modified_gmt":"2025-06-19T12:07:58","slug":"luna-imaging-search-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7019","title":{"rendered":"Luna Imaging search cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nLuna Imaging search cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-19T15:00:16.319Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nLuna<\/td>\n<\/tr>\n
Product<\/th>\nImaging<\/td>\n<\/tr>\n
Version<\/th>\n7.5.5.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability in Luna Imaging versions up to 7.5.5.6 allows remote attackers to inject malicious scripts via the ‘q’ argument in the search function. The vendor did not respond to the disclosure, and the exploit is publicly available.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nLuna Imaging<\/td>\n<\/tr>\n
Product<\/th>\nLuna Imaging<\/td>\n<\/tr>\n
Affected Version<\/th>\n7.5.5.0, 7.5.5.1, 7.5.5.2, 7.5.5.3, 7.5.5.4, 7.5.5.5, 7.5.5.6<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n