{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4779", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-05-15T14:03:54.703Z", "datePublished": "2025-07-07T09:53:10.901Z", "dateUpdated": "2025-07-07T17:24:24.732Z"}, "containers": {"cna": {"title": "Stored Cross-site Scripting (XSS) in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-07-07T09:53:10.901Z"}, "descriptions": [{"lang": "en", "value": "lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the `v1/runs/ingest` endpoint by adding an empty `citations` field, triggering a code path where `dangerouslySetInnerHTML` is used to render attacker-controlled text. This vulnerability allows the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.9.24", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/c603b64e-5171-4eed-8983-a7f656ce2c4d"}, {"url": "https://github.com/lunary-ai/lunary/commit/18750294a76ff6c0f3f1b6af4ac1a23399836b16"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "c603b64e-5171-4eed-8983-a7f656ce2c4d", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T17:23:49.466188Z", "id": "CVE-2025-4779", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T17:24:24.732Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4779", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-07T17:23:49.466188Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T17:24:08.785Z"}}], "cna": {"title": "Stored Cross-site Scripting (XSS) in lunary-ai/lunary", "source": {"advisory": "c603b64e-5171-4eed-8983-a7f656ce2c4d", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.9.24", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/c603b64e-5171-4eed-8983-a7f656ce2c4d"}, {"url": "https://github.com/lunary-ai/lunary/commit/18750294a76ff6c0f3f1b6af4ac1a23399836b16"}], "descriptions": [{"lang": "en", "value": "lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the `v1/runs/ingest` endpoint by adding an empty `citations` field, triggering a code path where `dangerouslySetInnerHTML` is used to render attacker-controlled text. This vulnerability allows the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-07-07T09:53:10.901Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4779", "state": "PUBLISHED", "dateUpdated": "2025-07-07T17:24:24.732Z", "dateReserved": "2025-05-15T14:03:54.703Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-07-07T09:53:10.901Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3B8B17D-ABA8-4A7C-96FF-61FC3CA3C694", "versionEndExcluding": "1.9.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the `v1/runs/ingest` endpoint by adding an empty `citations` field, triggering a code path where `dangerouslySetInnerHTML` is used to render attacker-controlled text. This vulnerability allows the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions."}, {"lang": "es", "value": "Las versiones de lunary-ai/lunary anteriores a la 1.9.24 son vulnerables a cross site scripting (XSS) almacenado. Un atacante no autenticado puede inyectar JavaScript malicioso en el endpoint `v1/runs/ingest` a\u00f1adiendo un campo `citations` vac\u00edo, lo que activa una ruta de c\u00f3digo donde se usa `dangerouslySetInnerHTML` para renderizar texto controlado por el atacante. Esta vulnerabilidad permite la ejecuci\u00f3n de JavaScript arbitrario en el contexto del navegador del usuario, lo que podr\u00eda provocar secuestro de sesi\u00f3n, robo de datos u otras acciones maliciosas."}], "id": "CVE-2025-4779", "lastModified": "2025-12-03T20:33:57.607", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-07T10:15:28.717", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/lunary-ai/lunary/commit/18750294a76ff6c0f3f1b6af4ac1a23399836b16"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.com/bounties/c603b64e-5171-4eed-8983-a7f656ce2c4d"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}