Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
AnalysisAI
rrweb-snapshot before v2.0.0-alpha.18 contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript or HTML in a victim's browser context through a crafted payload. The vulnerability requires user interaction (clicking a malicious link) and affects client-side snapshot capture functionality. Publicly available exploit code exists according to CISA SSVC assessment, though active exploitation has not been confirmed at time of analysis.
Technical ContextAI
rrweb-snapshot is a JavaScript library for capturing and replaying web page state, commonly used in session recording and debugging applications. The vulnerability stems from inadequate input sanitization in the snapshot rendering pipeline, classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The library processes DOM elements and user-supplied data without sufficient XSS filters before injecting content into the DOM, allowing malicious script tags or event handlers to execute in the context of pages using the library. This affects the client-side snapshot capture mechanism used to serialize page state.
RemediationAI
Upgrade rrweb-snapshot to version v2.0.0-alpha.18 or later. Users should update their dependency to the patched version through npm or their package manager of choice. If immediate patching is not feasible, implement Content Security Policy (CSP) headers with script-src directives to mitigate XSS execution in the context where rrweb-snapshot is deployed. Refer to the upstream repository issue tracker at https://github.com/rrweb-io/rrweb/issues/1817 for additional technical details and patch confirmation.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209373