CVE-2025-31629

Summary

CVE-2025-31629 is a Cross-site Scripting (XSS) vulnerability affecting Infusionsoft Web Form JavaScript. The flaw, named "Improper Neutralization of Input During Web Page Generation," enables attackers to inject malicious scripts into web pages generated by Infusionsoft Web Forms. These scripts can be stored and retrieved at a later time to execute arbitrary code on unsuspecting users. Infusionsoft Web Form JavaScript versions from n/a through 1.1.1 are susceptible to this issue. It is crucial for users to apply the necessary patches to mitigate this risk and protect against potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.