CVE-2025-28885

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 26, 2025
Updated: Mar 27, 2025
CWE ID 79

Summary

CVE-2025-28885 is a Cross-site Scripting (XSS) vulnerability affecting the NotFound Fiverr.com Official Search Box. The flaw, which allows for Stored XSS attacks, occurs due to improper neutralization of user input during web page generation. This issue potentially impacts all versions of the search box from n/a through 1.0.8. Attackers could inject malicious scripts into the search box, which could be executed in the context of the web application when other users visit the affected page. This vulnerability poses a serious threat to users, as it may lead to unauthorized access to user data or theft of session cookies. It is crucial that Fiverr addresses this issue promptly by applying the necessary security patches.
