CVE-2025-26882

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 25, 2025

CWE ID 79

Summary

CVE-2025-26882 is a Cross-site Scripting (XSS) vulnerability affecting the GhozyLab Popup Builder. The flaw, which permits Stored XSS attacks, exists in the Popup Builder's web page generation process. An attacker can exploit this vulnerability by injecting malicious scripts into the application, potentially gaining unauthorized access to user data or sessions. This issue poses a significant risk to users of Popup Builder versions from n/a to 1.1.33. It is essential to apply the necessary patches or updates as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cv7uu
https://www.cve.org/CVERecord?id=CVE-2025-26882
https://nvd.nist.gov/vuln/detail/CVE-2025-26882

Back to Vulnerability Database

CVE-2025-26882

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations