CVE-2025-23685

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 3, 2025

CWE ID 79

Summary

CVE-2025-23685 is a Cross-Site Scripting (XSS) vulnerability affecting the RomanCart application from version n/a through 0.0.2. The flaw, named "Improper Neutralization of Input During Web Page Generation," enables attackers to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. This vulnerability poses a serious security risk and should be addressed promptly by applying the necessary patches or upgrades.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2haqJA
https://www.cve.org/CVERecord?id=CVE-2025-23685
https://nvd.nist.gov/vuln/detail/CVE-2025-23685

Back to Vulnerability Database

CVE-2025-23685

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations