Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CVE-2025-35996

High

8.5/10

Summary

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resulting in a cross-site-scripting attack.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-97 - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

References

Advisory Timeline

Published May 01, 2025

Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CVE-2025-35996

Summary

CWE-97 - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS