CVE-2025-7672 LOW

CVE-2025-7672: Stored-XSS possibility in Namo CrossEditor4

Vendor Jiransoft

Product CrossEditor4

Weakness CWE-79 · XSS

Published July 15, 2025

Last update July 15, 2025

View on NVD All CVEs

CVSS base score

2.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23.

Key dates

02Disclosure timeline

July 15, 2025 CVE published

July 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7672

Related vulnerabilities

04Related CVE

CVE-2022-45838 WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS) CVE-2022-23515 Improper neutralization of data URIs may allow XSS in Loofah CVE-2023-47227 WordPress Social Feed | All social media in one place Plugin <= 1.5.4.6 is vulnerable to Cross Site Scripting (XSS) CVE-2024-54316 WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability CVE-2025-31597 WordPress Ultimate Live Cricket WordPress Lite plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability