CVE-2025-24626

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 27, 2025

CWE ID 79

Summary

CVE-2025-24626 is a Cross-Site Scripting (XSS) vulnerability affecting the CodePeople Music Store. The flaw, which permits Reflected XSS attacks, resides in the application's web page generation process. Malicious actors can exploit this weakness by injecting malicious scripts into input fields, potentially stealing user data or taking control of their sessions. The vulnerability affects all versions of the Music Store from n/a through 1.1.19.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2ul-8z
https://www.cve.org/CVERecord?id=CVE-2025-24626
https://nvd.nist.gov/vuln/detail/CVE-2025-24626

Back to Vulnerability Database

CVE-2025-24626

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations