CVE-2025-54597 — LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter. | CVE Daily

High CVSS 7.2

Overview

LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

CWE: CWE-79 Published: 2025-07-27T03:15:26.453

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.2 (HIGH)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags

Cross-site Scripting (XSS)