CVE-2025-8456 HIGH

CVE-2025-8456: Reflected XSS in Kod8 Software's Kod8 Individual and SME Website

Vendor Kod8 Software Technologies Trade Ltd. Co.
Product Kod8 Individual and SME Website
Weakness CWE-79 · XSS
Published February 3, 2026
Last update June 5, 2026
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS. This issue affects Kod8 Individual and SME Website: through 03022026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
June 5, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-62111 WordPress Extra Shortcodes plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-45640 WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS) CVE-2026-2724 Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields CVE-2024-10034 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2024-36162 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)