CVE-2025-1271 MEDIUM

CVE-2025-1271: Reflected Cross-Site Scripting (XSS) vulnerability in H6Web

Vendor Anapi Group
Product H6Web
Weakness CWE-79 · XSS
Published February 13, 2025
Last update February 13, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user.

Key dates

02Disclosure timeline

February 13, 2025 CVE published
February 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-47386 WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-4875 fossology cross site scripting CVE-2025-30898 WordPress افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability CVE-2025-68597 WordPress Jobs for WordPress plugin <= 2.8.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-11865 Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting