What the vulnerability does
01Description
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
CVSS base score
7.1/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
December 10, 2024
CVE published
November 3, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-7367 Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields
CVE-2025-67618 WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
CVE-2024-25919 WordPress Custom Field Template plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability
CVE-2020-8115
