Nixpkgs security tracker
Permalink
CVE-2025-28855
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Teleport allows Reflected XSS. This issue affects Teleport: from n/a through 1.2.4.
References
Affected products
teleport
- =<1.2.4
Matching in nixpkgs
pkgs.teleport
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
pkgs.teleport_15
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
pkgs.teleport_16
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
pkgs.lomiri.teleports
Ubuntu Touch Telegram client
pkgs.emacsPackages.teleport
None
-
nixos-unstable 20240718.652
- nixpkgs-unstable 20240718.652
- nixos-unstable-small 20240718.652
pkgs.obs-studio-plugins.obs-teleport
OBS Studio plugin for an open NDI-like replacement
Package maintainers
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@freezeboy freezeboy
-
@justinas Justinas Stankevičius <justinas@justinas.org>
-
@sigma Yann Hodique <yann.hodique@gmail.com>
-
@techknowlogick techknowlogick <techknowlogick@gitea.com>
-
@tomberek Thomas Bereknyei <tomberek@gmail.com>
-
@arianvp Arian van Putten <arian.vanputten@gmail.com>