Fluid Attacks Database

Description

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	mercurial	=6.3.2-1 \|\| >=0 <6.3.2-1+deb12u1	6.3.2-1+deb12u1
debian 11	mercurial	=5.6.1-4 \|\| >=0 <5.6.1-4+deb11u1	5.6.1-4+deb11u1
debian 13	mercurial	>=0 <6.9.4-1	6.9.4-1
debian 14	mercurial	>=0 <6.9.4-1	6.9.4-1

Aliases

1. CVE-2025-23612. NVD-2025-23613. OSV-DEBIAN-2025-23614. OSV-2025-23615. SECURITY-TRACKER-CVE-2025-2361

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.