CVE-2025-46657

HIGH

Karaz Karazal < 2025-04-14 - Reflected Cross-Site Scripting via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-46657. PoCs published by nov-1337.

AI-analyzed exploit summary This repository contains only a README file referencing CVE-2025-46657 without any exploit code or technical details. It appears to be a placeholder or announcement rather than a functional PoC.

Description

Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI.

Exploits (1)

nomisec WRITEUP 1 stars

by nov-1337 · poc

https://github.com/nov-1337/CVE-2025-46657

View Code ZIP pw:eip

This repository contains only a README file referencing CVE-2025-46657 without any exploit code or technical details. It appears to be a placeholder or announcement rather than a functional PoC.

Classification

Writeup 30%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: unspecified

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/nov-1337/CVE-2025-46657/blob/main/CVE-2025-46657.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.2

EPSS 0.0027

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

karaz/karazal < 2025-04-14

Published Apr 27, 2025

Tracked Since Feb 18, 2026