Home > Vulnerability Database > CVE-2025-29049

Mend.io Vulnerability Database

CVE-2025-29049

Good to know:

Date: March 31, 2025

Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.

Severity Score

6.3

Related Resources (6)

Url: https://github.com/arnog/mathlive/commit/abc26056fd5e29a99edfa96a0bbe855ea2a8b678

Url: https://github.com/arnog/mathlive/security/advisories/GHSA-qwj6-q94f-8425

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-29049

Url: https://github.com/advisories/GHSA-qwj6-q94f-8425

Url: https://github.com/arnog/mathlive

Url: https://www.mend.io/vulnerability-database/CVE-2025-29049

Severity Score

6.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Encoding or Escaping of Output

CWE-116

Top Fix

Upgrade Version

Upgrade to version mathlive - 0.104.0

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-29049

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?