CVE-2025-48884

Galette is vulnerable to XSS through Document Type

Description

Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.

INFO

Published Date :

2025-11-04T20:44:29.193Z

Last Modified :

2025-11-04T21:03:39.940Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-48884 vulnerability.

Vendors	Products
Galette	Galette

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48884.

URL	Resource
https://github.com/galette/galette/security/advisories/GHSA-3rc3-rc5x-vmr4

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability