Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-52739
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3.
References
Affected products
Sala
- =<1.1.3
Matching in nixpkgs
pkgs.python312Packages.datasalad
Pure-Python library with a collection of utilities for working with Git and git-annex
pkgs.python313Packages.datasalad
Pure-Python library with a collection of utilities for working with Git and git-annex
pkgs.python312Packages.schema-salad
Semantic Annotations for Linked Avro Data
-
nixos-unstable 8.9.20250408123006
- nixpkgs-unstable 8.9.20250408123006
- nixos-unstable-small 8.9.20250408123006
-
nixos-25.11 8.9.20250723145140
- nixpkgs-25.11-darwin 8.9.20250723145140
pkgs.python313Packages.schema-salad
Semantic Annotations for Linked Avro Data
-
nixos-unstable 8.9.20250408123006
- nixpkgs-unstable 8.9.20250408123006
- nixos-unstable-small 8.9.20250408123006
-
nixos-25.11 8.9.20250723145140
- nixpkgs-25.11-darwin 8.9.20250723145140
Package maintainers
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@veprbl Dmitry Kalinkin <veprbl@gmail.com>