CVE-2025-56537

CVE-2025-56537

Name

CVE-2025-56537

Description

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/MarkArtamonov/OpenNebula-CVE-2025-56537
Product	https://opennebula.io/opennebula-7/

Type

URI

Exploit

https://github.com/MarkArtamonov/OpenNebula-CVE-2025-56537

Product

https://opennebula.io/opennebula-7/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:opennebula:opennebula::::::::`	opennebula	>= None	< 7.0.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:opennebula:opennebula:*:*:*:*:*:*:*:*

opennebula

>= None

< 7.0.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opennebula	edge-community	6.10.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opennebula	edge-community	6.10.0-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opennebula	edge-community	6.10.0-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opennebula	edge-community	6.8.3-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opennebula	3.23-community	6.10.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

opennebula

edge-community

6.10.2-r0

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

opennebula

edge-community