CVE-2025-50183

MEDIUM

OpenList Frontend <4.0.0-rc.4 - Stored XSS

Description

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in <script> tags may be interpreted and executed as HTML in certain modes. This leads to a stored XSS vulnerability. This issue has been patched in version 4.0.0-rc.4.

Scores

CVSS v3: 6.5
EPSS: 0.0028
EPSS Percentile: 19.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2):
openlist-frontend/openlist-frontend 0 - 4.0.0-rc.4 (npm)
OpenListTeam/OpenList < 4.0.0-rc.4
Published: Jun 19, 2025
Tracked Since: Feb 18, 2026