{"id":"CVE-2025-65754","details":"Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename.","aliases":["GHSA-8jqm-8qm3-qgqm","GO-2025-4228"],"modified":"2026-04-09T11:03:13.888029Z","published":"2025-12-10T18:16:21.090Z","related":["SUSE-SU-2026:0037-1"],"references":[{"type":"PACKAGE","url":"https://github.com/xyproto/algernon"},{"type":"EVIDENCE","url":"https://gist.github.com/Bnyt7/0faa90ff93c5d98093a0e29a1eb34d81"},{"type":"EVIDENCE","url":"https://github.com/Bnyt7/CVE-2025-65754"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xyproto/algernon","events":[{"introduced":"0"},{"last_affected":"df2545cd3ccca90e626c42604ec3f60ce1df0062"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.17.4"}]}}],"versions":["0.2","0.3","0.4","0.41","0.42","0.43","0.44","0.45","0.46","0.47","0.48","0.49","0.50","0.51","0.52","0.53","0.54","0.55","0.56","0.57","0.58","0.59","0.61","0.62","0.63","0.64","0.65","0.66","0.67","0.68","0.7","0.71","0.72","0.73","0.74","0.75","0.8","0.81","0.82","0.83","0.84","0.85","0.86","0.87","0.88","0.89","0.9","0.91","0.92","1.0","1.1","1.10","1.10.1","1.11.0","1.12.0","1.12.0-TLS-1.3","1.12.1","1.12.10","1.12.11","1.12.12","1.12.14","1.12.2","1.12.3","1.12.4","1.12.5","1.12.6","1.12.7","1.12.8","1.12.9","1.2","1.2.1","1.3","1.3.1","1.3.2","1.4","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.5","1.5.1","1.5.1-static-linux64","1.6","1.7","1.8","1.9","v0.47-win8-64","v0.52-win8-64","v0.62-win8-64","v0.84-win8-64","v0.85-win8-64","v1","v1.0-win8-64","v1.13.0","v1.14.0","v1.15.0","v1.15.1","v1.15.2","v1.15.3","v1.15.4","v1.15.5","v1.16.0","v1.17.0","v1.17.1","v1.17.2","v1.17.3","v1.17.4","v1.2.1-win8-64","v1.4.1-rpi3","v1.4.1-win8-64","v1.4.5-win8-64","v1.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-65754.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}