CVE-2025-69993

medium Red Hat
CVSS v3 Base Score
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: April 14, 2026 (30 days ago)
Last Modified: April 14, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Leaflet. This Cross-Site Scripting (XSS) vulnerability exists in the bindPopup() method, which fails to sanitize user-supplied input. A remote attacker can exploit this by injecting malicious JavaScript code into map popups. When a victim views an affected map, the injected script executes in their browser, potentially leading to information disclosure or other client-side attacks.

CWE

CWE-79

Affected Products

Red Hat OpenShift AI (RHOAI)

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 leaflet.com 🔗 github.com