cvedb.io
CVE-2025-1271
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-02-13T13:15:09.433 · Last modified 2026-06-17T08:38:42.960

Summary

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.

Affected products

anapi — h6web

Does this affect you?

Add your gear to cvedb and we'll alert you only when anapi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.