CVE-2025-26561

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Feb 13, 2025

CWE ID 79

Summary

CVE-2025-26561 is a Cross-site Scripting (XSS) vulnerability affecting Elfsight Yottie Lite. The flaw, referred to as Stored XSS, lies in the way the software handles user input during web page generation. An attacker can exploit this vulnerability by injecting malicious scripts into the Elfsight Yottie Lite platform, potentially stealing user data or taking control of their browser sessions. This issue affects Elfsight Yottie Lite versions from n/a through 1.3.3. Users are strongly advised to update to the latest version and implement additional security measures to mitigate the risk of XSS attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3S69Yd
https://www.cve.org/CVERecord?id=CVE-2025-26561
https://nvd.nist.gov/vuln/detail/CVE-2025-26561

Back to Vulnerability Database

CVE-2025-26561

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations