Medium severityNVD Advisory· Published Oct 7, 2025· Updated Apr 15, 2026
CVE-2025-40649
CVE-2025-40649
Description
Stored Cross-Site Scripting (XSS) in Biobanking and Biomolecular Resources Negotiator v3.15.2 - European Research Infrastructure (BBMRI-ERIC), consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using parameter text in '/api/v3/negotiations//posts'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=3.15.2+ 1 more
- (no CPE)range: =3.15.2
- (no CPE)range: = 3.15.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.