CVE-2025-29746: Koillection Cross Site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, wishlist and album components.
References
- gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe
- github.com/advisories/GHSA-fxvx-gfmr-5xfj
- github.com/benjaminjonard/koillection
- github.com/benjaminjonard/koillection/issues/1329
- github.com/benjaminjonard/koillection/releases/tag/1.6.11
- github.com/benjaminjonard/koillection/releases/tag/1.6.12
- nvd.nist.gov/vuln/detail/CVE-2025-29746