CVE-2025-1888 – Leica Aperio Eslide Manager Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-1888

Published : March 14, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the “memo” field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-1888 – Leica Aperio Eslide Manager Cross-Site Scripting Vulnerability