← voltar
CVE-2025-10280

Incorrect Content Type Cross-Site Scripting Vulnerability

CVSS 7.1 HIGHEPSS 0.2%CWE-79
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
03 nov 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H