CVE-2025-26551

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 13, 2025

CWE ID 79

Summary

CVE-2025-26551 is a Cross-site Scripting (XSS) vulnerability affecting Bootstrap collapse from undisclosed versions up to 1.0.4. The issue involves improper neutralization of user input during web page generation, allowing an attacker to inject malicious scripts into a webpage viewed by other users. Successful exploitation of this vulnerability could result in unauthorized access to user data or session hijacking. Users are advised to update to a patched version of Bootstrap collapse to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3S7F7o
https://www.cve.org/CVERecord?id=CVE-2025-26551
https://nvd.nist.gov/vuln/detail/CVE-2025-26551

Back to Vulnerability Database

CVE-2025-26551

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations