How severe is CVE-2025-25818?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2025-25818?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-25818

MEDIUM Year: 2025

CVSS v3 Score

5.1

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.

CVE-2022-4647

MEDIUM

CVSS:5.1(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

CWE-792022

CVE-2023-1270

MEDIUM

CVSS:5.1(Medium)

Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.

CWE-792023

CVE-2023-1704

MEDIUM

CVSS:5.1(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

CWE-792023

CVE-2024-3977

MEDIUM

CVSS:5.1(Medium)

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin...

CWE-792024

CVE-2024-44010

MEDIUM

CVSS:5.1(Medium)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2...

CWE-792024

CVE-2024-47313

MEDIUM

CVSS:5.1(Medium)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3...

CWE-792024

CVE-2025-25818

Vulnerability Description

Related Vulnerabilities

CVE-2022-4647

CVE-2023-1270

CVE-2023-1704

CVE-2024-3977

CVE-2024-44010

CVE-2024-47313