CVE-2025-28932

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 11, 2025
CWE ID 352

Summary

CVE-2025-28932 is a Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions' Insert Code feature, affecting versions from n/a to 2.4. The CSRF flaw allows attackers to carry out Stored Cross-Site Scripting (XSS) attacks on unsuspecting users: by tricking a victim into clicking a maliciously crafted link, an attacker can inject malicious scripts into the web application, potentially stealing sensitive user information or taking control of their accounts. This poses a significant risk to users and calls for immediate patching or mitigation to protect against these attacks.
