What the vulnerability does
01Description
Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.
CVE-2025-40726
MEDIUM
CVE-2025-40726: Cross-Site Scripting (XSS) reflected in Nosto
CVSS base score
5.1/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Key dates
02Disclosure timeline
June 16, 2025
CVE published
June 16, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-5291 Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes
CVE-2025-24459
CVE-2022-2173 Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting
CVE-2023-47657 WordPress Direct Checkout – Quick View – Buy Now For WooCommerce Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-9033 SourceCodester Best House Rental Management System ajax.php cross site scripting
