UNKNOWN npm
Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables
GHSA-jhgf-2h8h-ggxv · BIT-parse-2025-68115 · CVE-2025-68115
Description
Impact
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages.
Patches
The patch escapes user-controlled values that are inserted into the HTML pages.
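The difference between an unescaped and an escaped Mustache variable, as an added example that is not Parse Server's code or its patch. The renderer is a minimal stand-in for a Mustache engine, and the templates, the `username` field and the input value are constructed for illustration; `findUnescapedTags` is a hypothetical helper for auditing custom page templates.

```javascript
// Added example: minimal Mustache-style renderer (not Parse Server code).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Mustache semantics: {{{name}}} and {{& name}} are raw, {{name}} is HTML-escaped.
const TAG = /\{\{\{\s*(\w+)\s*\}\}\}|\{\{&\s*(\w+)\s*\}\}|\{\{\s*(\w+)\s*\}\}/g;

function render(template, view) {
  return template.replace(TAG, (match, raw1, raw2, escaped) => {
    const key = raw1 || raw2 || escaped;
    const value = view[key] == null ? '' : String(view[key]);
    return escaped !== undefined ? escapeHtml(value) : value;
  });
}

// Hypothetical audit helper: list variables a template emits without escaping.
function findUnescapedTags(template) {
  const names = [];
  const rawTag = /\{\{\{\s*(\w+)\s*\}\}\}|\{\{&\s*(\w+)\s*\}\}/g;
  for (const m of template.matchAll(rawTag)) {
    names.push(m[1] !== undefined ? m[1] : m[2]);
  }
  return names;
}

// Constructed page templates: the same line with a raw tag and an escaped tag.
const rawTemplate = '<p>Reset password for {{{username}}}</p>';
const escapedTemplate = '<p>Reset password for {{username}}</p>';

// Constructed request value standing in for a user-controlled parameter.
const view = { username: '<script>alert(1)</script>' };

console.log(render(rawTemplate, view));      // markup reaches the page as-is
console.log(render(escapedTemplate, view));  // markup is rendered as inert text
console.log(findUnescapedTags(rawTemplate)); // variables to review
```
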
Workarounds
None.
Resources
References
- WEB https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-68115
- WEB https://github.com/parse-community/parse-server/pull/9985
- WEB https://github.com/parse-community/parse-server/pull/9986
- PACKAGE https://github.com/parse-community/parse-server