CVE-2025-23467
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-23467 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in Vimal Ghorecha RSS News Scroller. This issue allows an attacker to execute Stored XSS (Cross-Site Scripting) attacks on unsuspecting users. The vulnerability affects versions of RSS News Scroller ranging from n/a to 2.0.0, putting a significant number of users at risk. An attacker can manipulate a user's web session by forging a request, potentially injecting malicious scripts to steal sensitive information or perform unauthorized actions on behalf of the user. Users are strongly encouraged to update to the latest version of RSS News Scroller to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.