CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23362: The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image...

6.1 CVSS

Description

The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser. Versions 2.3.2 and 2.4.0 were reported as vulnerable. According to the vendor, the product has been refactored after those old versions and the version 3.0.1 is not vulnerable.

Classification

CVE ID: CVE-2025-23362

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.1

Affected Products

Vendor: Rodrigue

Product: EXIF Viewer Classic

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.25% (scored less or equal to compared to others)

EPSS Date: 2025-02-28 (when was this score calculated)

References

https://chromewebstore.google.com/detail/exif-viewer-classic/nafpfdcmppffipmhcpkbplhkoiekndck
https://exifviewers.com/
https://jvn.jp/en/jp/JVN05508012/

Timeline

2025-01-30 08:58:50 UTC
CVE

The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image...