CVE-2025-23950
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jan 16, 2025
CWE ID 79
Summary
CVE-2025-23950 is a Cross-site Scripting (XSS) vulnerability affecting Said Shiripour EZPlayer from versions n/a through 1.0.10. The flaw arises due to improper neutralization of user input during web page generation, enabling attackers to inject malicious scripts into web pages viewed by other users. This can lead to data theft or unauthorized actions within the user's session. The vulnerability poses a significant risk and should be addressed by updating to a patched version of EZPlayer as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share