CVE-2025-55742: UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality
Affected Functionality: User creation
Endpoint: /admin/settings/users/create
References
- drive.proton.me/urls/KCKTSWHA3C
- github.com/advisories/GHSA-xr97-25v7-hc2q
- github.com/unopim/unopim
- github.com/unopim/unopim/blob/a0dc81947a59ada69e19e1e4313dd591d4e277b4/packages/Webkul/Core/src/Traits/Sanitizer.php
- github.com/unopim/unopim/commit/49d5f6ac4d5d9ef7d9cdfe01853234d531c55f75
- github.com/unopim/unopim/commit/b596021b5a5e0656abe16c01ae0e84c95f9fe902
- github.com/unopim/unopim/commit/b5e169e65725e0d80b6c79d57e62a25e1af6a3c3
- github.com/unopim/unopim/security/advisories/GHSA-xr97-25v7-hc2q
- nvd.nist.gov/vuln/detail/CVE-2025-55742
Detect and mitigate CVE-2025-55742 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.