GHSA-9wv7-mm8f-m6cxLow
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129....
🔗 CVE IDs covered (1)
📋 Description
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.