CVE-2025-22662

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 4, 2025

Updated: Feb 18, 2025

CWE ID 79

Summary

CVE-2025-22662 is a Cross-site Scripting (XSS) vulnerability affecting the SendPulse Email Marketing Newsletter. The issue stems from improper neutralization of user inputs during web page generation. Attackers can exploit this flaw to inject malicious scripts into the newsletter and gain unauthorized access to users' browsing sessions or steal sensitive information. Affected versions of SendPulse Email Marketing Newsletter range from n/a to 2.1.5. Users are advised to update their software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2RY03-
https://www.cve.org/CVERecord?id=CVE-2025-22662
https://nvd.nist.gov/vuln/detail/CVE-2025-22662

Back to Vulnerability Database

CVE-2025-22662

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations