CVE-2025-32174

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 4, 2025
Updated: Apr 7, 2025
CWE ID 79

Summary

CVE-2025-32174 is a Cross-Site Scripting (XSS) vulnerability affecting the Tockify Events Calendar. The issue, which allows DOM-Based XSS, stems from improper neutralization of user input during web page generation. An attacker can exploit this weakness to inject malicious scripts that run in a victim's browser when the victim views a specially crafted event page on the Tockify platform. Versions of the Tockify Events Calendar up to and including 2.2.13 are vulnerable (no lower bound is specified). Successful exploitation could lead to information disclosure or unauthorized actions on the affected user's account. Users and administrators should upgrade to a patched version of the calendar to mitigate the risk associated with this vulnerability.
