CVE-2025-41406 MEDIUM

CVE-2025-41406

Vendor Uchida Yoko Co., Ltd.

Product wivia 5

Weakness CWE-79 · XSS

Published May 30, 2025

Last update May 30, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user.

Key dates

02Disclosure timeline

May 30, 2025 CVE published

May 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-41406 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-6221 Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter CVE-2024-3987 WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt CVE-2025-49306 WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability CVE-2024-23190 CVE-2024-56261 WordPress Project Showcase plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability