### Key Information #### Vulnerability ID - CVE-2025-62662 #### Vulnerability Type - Stored XSS through system messages in AdvancedSearch #### Affected Versions - Version(s): 1.4.2.x (up to 1.4.2.0) - Affected: Yes - Fixed: No #### Description Nginx system messages are returned as HTML by the AdvancedSearch resource, allowing for stored XSS. #### Reproduction Steps 1. Take a screenshot. 2. View an advanced search page in Firefox. 3. Click on "Advanced Search" and then click on "Save". 4. A markup of data is shown by the /system/messages/advancedsearch resource: - advancedsearch-field-advancedsearch - advancedsearch-field-help - advancedsearch-field-new - advancedsearch-field-old - advancedsearch-field-range - advancedsearch-field-subject - advancedsearch-field-author - advancedsearch-field-content #### Root Cause The message is converted at this place, which does not escape the contents and converts the break into a tag. It has been introduced with 1.4.2.0. #### Additional Information - Author: Willem Vanhaelen (@ Packt) - Related Changes: In OpenSearch - Mentions: Security Prior To Deploy on the Security Team Board - Tags: #SecurityTeam, #Vulnerability, #XSS - Technologies: Nginx, JavaScript, HTML