CVE-2025-26756

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 22, 2025

CWE ID 79

Summary

CVE-2025-26756 is a Cross-Site Scripting (XSS) vulnerability affecting Magic the Gathering Card Tooltips from versions n/a through 3.5.0. An attacker can exploit this Improper Neutralization of Input issue during web page generation to inject malicious scripts into the tooltips, potentially stealing user information or taking control of their browsing session. This poses a significant security risk for users interacting with the affected tooltips. It is strongly advised to update to a patch or newer version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3WvXtx
https://www.cve.org/CVERecord?id=CVE-2025-26756
https://nvd.nist.gov/vuln/detail/CVE-2025-26756

Back to Vulnerability Database

CVE-2025-26756

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations