FreeBSD: VID-8acfcfdc-d27c-11f0-8512-b0416f0c4c67 (CVE-2025-66040): spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:H/Au:N/C:P/I:P/A:N) | Dec 6, 2025 | Dec 10, 2025 | Dec 10, 2025 |
Description
https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. This issue has been patched in version 2.25.2.
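The advisory names the root cause: the OAuth callback server reflects the `error` query parameter into the page without neutralizing it. As an added illustration (not spotipy's code), here is a minimal local redirect handler that escapes every query value before interpolating it into HTML and sets a restrictive Content-Security-Policy as defence in depth; the listen address, page template and function names are assumptions.

```python
"""Added example (not spotipy's own code): a minimal OAuth redirect handler that
reflects the `error` query parameter safely.  Assumptions: callback URL is
http://127.0.0.1:8080/, the page is plain HTML, and all names are hypothetical."""
from html import escape
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

PAGE = "<html><body><h1>{title}</h1><p>{detail}</p></body></html>"


def render_callback_page(query: str) -> str:
    """Build the HTML shown after the authorization server redirects back.

    Every value taken from the query string is HTML-escaped before it is
    interpolated, so an `error` value containing markup is displayed as text
    instead of being parsed by the browser (CWE-79 mitigation).
    """
    params = parse_qs(query, keep_blank_values=True)
    if "error" in params:
        # quote=True also escapes quotes, which matters inside attributes
        detail = escape(params["error"][0], quote=True)
        return PAGE.format(title="Authorization failed", detail=detail)
    if "code" in params:
        # Never echo the authorization code itself; only confirm receipt
        return PAGE.format(title="Authorization succeeded",
                           detail="You may close this window.")
    return PAGE.format(title="Invalid callback", detail="Missing code or error.")


class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self) -> None:
        body = render_callback_page(urlparse(self.path).query).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        # Defence in depth: no script-src at all, so inline scripts cannot run
        self.send_header("Content-Security-Policy", "default-src 'none'")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Constructed local server for manual testing of the redirect flow
    HTTPServer(("127.0.0.1", 8080), CallbackHandler).serve_forever()
```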
Solutions
freebsd-upgrade-package-py310-spotipy
freebsd-upgrade-package-py311-spotipy
freebsd-upgrade-package-py312-spotipy
freebsd-upgrade-package-py313-spotipy
freebsd-upgrade-package-py313t-spotipy
freebsd-upgrade-package-py314-spotipy