CVE-2025-26528
CVSS 3.1 Score 3.4 of 10 (low)
Details
Summary
CVE-2025-26528 is a stored cross-site scripting (XSS) vulnerability affecting the "ddimageortext" question type in Moodle. Maliciously crafted images used in the drag-and-drop functionality could execute arbitrary scripts in the context of the affected system, leading to potential security breaches and unintended information disclosure. Because the payload is stored, the injected script runs when a user interacts with the affected interface. To mitigate this risk, update the affected software promptly and implement input sanitization to prevent the execution of untrusted scripts.
Affected Products
- Moodle
Affected Vendors
- Moodle