Medium severity6.1NVD Advisory· Published Jan 26, 2026· Updated Apr 15, 2026
CVE-2025-11687
CVE-2025-11687
Description
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gi-docgenPyPI | < 2025.5 | 2025.5 |
Affected products
5- ghsa-coords5 versionspkg:pypi/gi-docgenpkg:rpm/opensuse/python-gi-docgen&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-gi-docgen&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-gi-docgen&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-gi-docgen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 2025.5+ 4 more
- (no CPE)range: < 2025.5
- (no CPE)range: < 2025.5-160000.1.1
- (no CPE)range: < 2025.5-1.1
- (no CPE)range: < 2025.5-160000.1.1
- (no CPE)range: < 2025.5-160000.1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-6p6h-rqr6-62mvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-11687ghsaADVISORY
- access.redhat.com/security/cve/CVE-2025-11687nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- gitlab.gnome.org/GNOME/gi-docgen/-/commit/65d16b8ac178900602da540c8f5df4f52d5e8cf6ghsaWEB
- gitlab.gnome.org/GNOME/gi-docgen/-/issues/228nvdWEB
News mentions
0No linked articles in our index yet.