Upstream information
Description
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | CNA (GitHub) | 
|---|---|
| Base Score | 6.1 | 
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 
| Attack Vector | Network | 
| Attack Complexity | Low | 
| Privileges Required | None | 
| User Interaction | Required | 
| Scope | Changed | 
| Confidentiality Impact | Low | 
| Integrity Impact | Low | 
| Availability Impact | None | 
| CVSSv3 Version | 3.1 | 
List of released packages
| Product(s) | Fixed package version(s) | References | 
|---|---|---|
| Container suse/sl-micro/6.1/baremetal-os-container:latest | 
 | |
| openSUSE Tumbleweed | 
 | Patchnames: openSUSE-Tumbleweed-2025-14889 | 
SUSE Timeline for this CVE
CVE page created: Tue Mar 4 20:00:43 2025CVE page last modified: Fri Oct 24 12:34:40 2025
