CVE-2025-1888

MEDIUM

Aperio Eslide Manager >=12.3.2.5030 <12.3.2.5030 - Authenticated Reflected Cross-Site Scripting via Memo Field

Title source: llm
STIX 2.1

Description

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.

References (1)

Core 1
Core References

Scores

CVSS v3 4.6
EPSS 0.0021
EPSS Percentile 11.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Leica BioSystems/Aperio Eslide Manager 12.3.2.5030
Published Mar 14, 2025
Tracked Since Feb 18, 2026