Donate Telegram

CVE-2025-65465

MEDIUM CVSS 3.1: 6.1 EPSS 0.02%

Mar 02, 2026

Updated Mar 02, 2026

Payload

Parameter	Value
CVSS	6.1 (MEDIUM)
Fixed In	2.18
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Payload
Public PoC	No

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 4

https://gist.github.com/Y-T-T/ad9d05bee5f1fd4569fa5e89583d7304

https://github.com/Skrol29/opentbs

https://github.com/Skrol29/tbszip

https://github.com/Skrol29/tbszip/releases/tag/v2.18

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40922

Payload

CVE-2026-35469

Payload

CVE-2026-40901

Payload

CVE-2024-8010

Payload

CVE-2025-40899

Payload

CVE Details

CVE ID

CVE-2025-65465

Published Date

Mar 02, 2026

Vendor

Payload

Severity

MEDIUM

CVSS v3.1 Score

6.1

Medium severity. Plan remediation.

Attack Analysis

Exploitability 2.8/10

How easy to exploit

Impact 2.7/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.02%

Likelihood of exploitation in next 30 days

Percentile: 5.8th percentile (higher than 5.8% of all CVEs)

Standard patching cycle

Impact

Partial data disclosure

Partial data modification

Source

Editor's Choice