What the vulnerability does
01Description
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55064
MEDIUM
CVE-2025-55064: Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVSS base score
4.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
December 29, 2025
CVE published
December 29, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-7281 SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
CVE-2024-1099 Rebuild read-raw getFileOfData cross site scripting
CVE-2025-48252 WordPress Back Button Widget plugin <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability
CVE-2023-2740 SourceCodester Guest Management System GET Parameter dateTest.php cross site scripting
CVE-2024-12221 Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter
