What the vulnerability does
01Description
Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVSS base score
4.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
November 17, 2025
CVE published
November 17, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-31889 WordPress Extensions for Elementor plugin <= 2.0.40 - Cross Site Scripting (XSS) vulnerability
CVE-2023-2342 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
CVE-2024-4993 SQL injection vulnerability in SiAdmin
CVE-2021-24544 Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting
CVE-2023-28636 GLPI vulnerable to stored Cross-site Scripting in external links
