What the vulnerability does
01Description
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
CVSS base score
8.3/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
February 24, 2025
CVE published
February 24, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-50538
CVE-2026-6236 Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
CVE-2024-1256 Jspxcms filter_text.do cross site scripting
CVE-2022-40963 WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
