CVE-2025-22354

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 7, 2025

CWE ID 79

Summary

CVE-2025-22354 is a Cross-Site Scripting (XSS) vulnerability affecting the Digi Store from versions n/a through 1.1.4. This issue arises due to improper neutralization of user inputs during web page generation. An attacker can exploit this vulnerability to inject malicious scripts into a web page and steal sensitive user data or take control of user sessions. The implications of this flaw can lead to significant security risks and potential data breaches. It is recommended that users upgrade to the latest version of Digi Store to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2JMRBT
https://www.cve.org/CVERecord?id=CVE-2025-22354
https://nvd.nist.gov/vuln/detail/CVE-2025-22354

Back to Vulnerability Database

CVE-2025-22354

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations