Base Score

MEDIUM5.4

CVE-2025-43717

In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.

VectorNETWORK

Published Bycve@mitre.org

Published DateApr 17, 2025, 03:15

Affected Versions(1)

pear/http_request2(Packagist)

Introduced0

Fixed2.7.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
pear/http_request2(Packagist)	0	2.7.0	N/A

Weakness Type (CWE):CWE-531

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-531

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE