MEDIUM
netdata
CVE published 2026-07-02
CVE-2025-71385
CVE-2025-71385 is a reflected cross-site scripting vulnerability in Netdata before version 2.3.1. The vulnerability exists in the api/v2/ilove.svg and api/v3/ilove.svg endpoints, which reflect user-supplied input from the 'love' query parameter into the generated SVG document without proper escaping. This allows an attacker to inject malicious scripts that execute in the victim's browser within the origin [truncated]