Vulnerability Details CVE-2025-1271
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.9%
CVSS Severity
CVSS v3 Score 6.1
References