SWI-Prolog SWISH Stored Cross-Site Scripting Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stored cross-site scripting vulnerability has been identified in SWI-Prolog's web IDE, SWISH, affecting versions through 2.2.0. This vulnerability allows attackers to execute arbitrary code by injecting malicious scripts into crafted web IDE notebooks.

Impact

Exploitation of this vulnerability could lead to account takeover.

Remediation

Users are advised to upgrade to the latest version of SWI-Prolog SWISH to mitigate this vulnerability.

Added: Nov 20, 2025, 5:19 PM
Updated: Nov 20, 2025, 10:35 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.