CVE-2025-13058

LOW

Extplorer < 2.1.15 - Code Injection

Title source: rule

Description

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue.

References (6)

Core 6

Core References

Third Party Advisory, US Government Resource vdb-entry technical-description

https://vuldb.com/?id.332185

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.332185

Third Party Advisory, US Government Resource third-party-advisory

https://vuldb.com/?submit.682370

Exploit, Issue Tracking issue-tracking

https://github.com/soerennb/extplorer/issues/33

Patch patch

https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3

View Patch ZIP pw:eip

Various Sources product

https://github.com/soerennb/extplorer/

View Writeup ZIP pw:eip

Scores

CVSS v3 3.5

EPSS 0.0008

EPSS Percentile 23.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

extplorer/extplorer < 2.1.15

Published Nov 12, 2025

Tracked Since Feb 18, 2026