What is CVE-2025-23500?

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Ahmed, Technial Architect,faaiqsj@gmail.com Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3.

How severe is CVE-2025-23500?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2025-23500?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-23500 - HIGH Severity | CVSS 7.1

Vulnerability Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Ahmed, Technial Architect,[email protected] Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3.

Related Vulnerabilities

CVE-2014-6447

HIGH

CVSS:7.1(High)

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 1...

CWE-792014

CVE-2017-3557

HIGH

CVSS:7.1(High)

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6...

CWE-792017

CVE-2018-15633

HIGH

CVSS:7.1(High)

Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of ...

CWE-792018

CVE-2018-15634

HIGH

CVSS:7.1(High)

Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser...

CWE-792018

CVE-2018-15638

HIGH

CVSS:7.1(High)

Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a vict...

CWE-792018

CVE-2019-14863

HIGH

CVSS:7.1(High)

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted d...

CWE-792019