Primary

Context

Galette Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Galette versions through 1.1.5.2. This issue allows users to edit group names and inject XSS payloads, which are then executed when the group name is viewed. The vulnerability has been addressed in Galette version 1.2.0.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the group name.

Remediation

Users can upgrade to Galette version 1.2.0 to address this vulnerability.

Added: Nov 4, 2025, 9:23 PM

Updated: Nov 4, 2025, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Galette Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Galette

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating