Platform
nodejs
Component
contenttools
Fixed in
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
CVE-2025-2699 is a Cross-Site Scripting (XSS) vulnerability affecting ContentTools versions up to 1.6.16. This vulnerability allows attackers to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The issue resides within the Image Handler component and is triggered by manipulating the onload argument. A fix is available in version 1.6.17.
Successful exploitation of CVE-2025-2699 allows an attacker to execute arbitrary JavaScript code in the context of a user's browser. This can lead to various malicious outcomes, including stealing session cookies, redirecting users to phishing sites, or modifying the content of the web page. The impact is particularly severe if the application handles sensitive user data or performs critical operations. Given the XSS nature, the attack can be launched remotely, making it accessible to a wide range of potential attackers.
This vulnerability was publicly disclosed on 2025-03-24. The vendor, GetmeUK, was contacted but did not respond. The vulnerability has a LOW CVSS score (3.5), indicating a relatively low probability of exploitation in the absence of active campaigns. No public proof-of-concept (POC) code has been observed as of the disclosure date, but the public nature of the disclosure increases the likelihood of future exploitation.
ContentTools deployments, particularly those using older versions (≤1.6.16), are at risk. Shared hosting environments where multiple applications share the same server and resources are also vulnerable, as an attacker could potentially exploit this vulnerability in one application to compromise others on the same server. Applications relying on ContentTools for image handling functionality are specifically at risk.
• nodejs: Inspect application logs for suspicious JavaScript payloads or unusual network requests originating from the Image Handler.
grep -i 'onload=' /var/log/contenttools/app.log
• generic web: Monitor access logs for requests containing potentially malicious onload attributes in image URLs.
grep -i 'onload=' /var/log/apache2/access.log
• generic web: Examine response headers for signs of injected JavaScript code. Use browser developer tools to inspect the DOM for unexpected script tags.
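The grep checks above match only a literal onload=. As an added example (not part of the original advisory or of ContentTools), this Node.js script also flags percent-encoded and double-encoded forms; the log format, sample lines, paths and function names are constructed assumptions.

```javascript
// Added example: find onload attributes in log lines, including percent-encoded
// forms that a literal `grep -i 'onload='` does not match.
const ONLOAD = /\bonload\s*=/i;

// Undo up to maxRounds layers of percent-encoding so double-encoded input is seen.
function decodeLayers(text, maxRounds = 3) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current.replace(/\+/g, ' '));
    } catch {
      // A stray '%' (e.g. "100%") makes decodeURIComponent throw:
      // decode only the well-formed %XX sequences instead.
      next = current.replace(/%([0-9a-f]{2})/gi,
        (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return one record per matching line; onlyAfterDecoding marks lines grep would miss.
function findOnloadHits(lines) {
  const hits = [];
  lines.forEach((line, idx) => {
    if (ONLOAD.test(decodeLayers(line))) {
      hits.push({ lineNo: idx + 1, onlyAfterDecoding: !ONLOAD.test(line) });
    }
  });
  return hits;
}

// Constructed sample access-log lines (documentation IP ranges, hypothetical paths).
const SAMPLE_LOG = [
  '203.0.113.5 - - [24/Mar/2025:10:00:01 +0000] "GET /images/cat.png HTTP/1.1" 200 5120',
  '203.0.113.9 - - [24/Mar/2025:10:00:07 +0000] "POST /save?img=a.png%22%20onload%3Dx HTTP/1.1" 200 64',
  '203.0.113.9 - - [24/Mar/2025:10:00:09 +0000] "POST /save?img=a.png%2522%2520OnLoad%253Dx HTTP/1.1" 200 64',
  '198.51.100.2 - - [24/Mar/2025:10:00:12 +0000] "GET /save?img=b.png" onload=x HTTP/1.1" 400 0',
  '198.51.100.7 - - [24/Mar/2025:10:00:15 +0000] "GET /report?progress=100% HTTP/1.1" 200 12',
];

console.log(findOnloadHits(SAMPLE_LOG));
```

A legitimate query parameter named onload also matches, so treat hits as leads to review rather than confirmed injection attempts.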
disclosure
Exploit status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-2699 is to upgrade ContentTools to version 1.6.17 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Image Handler's onload argument to sanitize user-supplied data. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Thoroughly review and sanitize all user inputs to prevent injection attacks.
Upgrade the ContentTools library to a version later than 1.6.16, if available, to fix the XSS vulnerability. If no fixed version is available, consider disabling or replacing the Image Handler component until an update is published. Carefully review and validate any user-supplied input to the Image Handler component to prevent the injection of malicious scripts.
CVE-2025-2699 is an XSS vulnerability in ContentTools versions up to 1.6.16, allowing attackers to inject malicious scripts via the Image Handler's onload argument.
You are affected if you are using ContentTools version 1.6.16 or earlier. Upgrade to 1.6.17 to resolve the issue.
Upgrade ContentTools to version 1.6.17 or later. As a temporary workaround, implement input validation and output encoding on the Image Handler's onload argument.
While no active exploitation has been confirmed, the vulnerability is publicly disclosed, increasing the risk of future exploitation.
Refer to the GetmeUK website or relevant security mailing lists for the official advisory regarding CVE-2025-2699.