CVE-2025-1271

Reflected Cross-Site Scripting (XSS) vulnerability in H6Web

CVSS 6.1 MEDIUMEPSS 0.3%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Feb 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Anapi Group · H6Web

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web