CVE-2025-1888
Reflected Cross Site Scripting in Aperio Eslide Manager
The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Productos afectados
Leica BioSystems · Aperio Eslide Manager¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →