What is GHSA-9cg4-9hv5-3376?

GHSA-9cg4-9hv5-3376 is a security advisory published by GitHub Security Advisories with Low severity. WebSSH Cross-site Scripting vulnerability

Which CVE IDs does GHSA-9cg4-9hv5-3376 cover?

GHSA-9cg4-9hv5-3376 covers the following CVE IDs: CVE-2025-7885. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9cg4-9hv5-3376?

GHSA-9cg4-9hv5-3376 has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

Which products are affected by GHSA-9cg4-9hv5-3376?

GHSA-9cg4-9hv5-3376 affects 1 product, including: pip/webssh:\u003c 1.6.3.

GHSA-9cg4-9hv5-3376LowCVSS 4.3

WebSSH Cross-site Scripting vulnerability

Vendor

GitHub Security Advisories

Published

July 20, 2025

Last Modified

June 8, 2026

🔗 CVE IDs covered (1)

CVE-2025-7885 →

📋 Description

A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🎯 Affected products1

pip/webssh:< 1.6.3

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2025-7885
https://github.com/huashengdun/webssh/issues/410
https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-7885.md
https://vuldb.com/?ctiid.317000
https://vuldb.com/?id.317000
https://vuldb.com/?submit.613610
https://github.com/huashengdun/webssh/commit/a7a704f111391c82efc1bacf89693ff45bda7f5f
https://github.com/pypa/advisory-database/tree/main/vulns/webssh/PYSEC-2025-234.yaml
https://github.com/advisories/GHSA-9cg4-9hv5-3376