What the vulnerability does
01 Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XSS. This issue affects CSS3 Vertical Web Pricing Tables: from n/a through <= 1.9.
Explanation of Vulnerability in Simple Terms
02 Summary
CSS3 Vertical Web Pricing Tables versions 1.9 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts into the pricing table configuration that execute in the browsers of site visitors. The vulnerability requires user interaction—a victim must visit a page containing the affected component. Impact is limited to the confidentiality, integrity, and availability of the affected page context.
What an attacker can do
03 Attacker Capabilities
Inject and execute malicious JavaScript in visitors' browsers when they view pages with the pricing table.
Potential impact on your site
04 Site Impact
Visitors to pages using this pricing table may have their session data stolen, be redirected to malicious sites, or see defaced content.
Conditions required to exploit
05 Prerequisites
No authentication required. Victim must visit a page containing the vulnerable pricing table component.
Key dates
06 Disclosure timeline
June 27, 2025
CVE published
May 12, 2026
Record updated