How severe is CVE-2025-30349?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2025-30349?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-30349

HIGH Year: 2025

CVSS v3 Score

7.2

High

Weakness Type

CWE-79

View all →

Vulnerability Description

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.

CVE-2016-1000115

HIGH

CVSS:7.2(High)

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

CWE-792016

CVE-2016-1000116

HIGH

CVSS:7.2(High)

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS

CWE-792016

CVE-2016-1000117

HIGH

CVSS:7.2(High)

XSS & SQLi in HugeIT slideshow v1.0.4

CWE-792016

CVE-2016-1000118

HIGH

CVSS:7.2(High)

XSS & SQLi in HugeIT slideshow v1.0.4

CWE-792016

CVE-2016-1000119

HIGH

CVSS:7.2(High)

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

CWE-792016

CVE-2016-15041

HIGH

CVSS:7.2(High)

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter ...

CWE-792016

CVE-2025-30349

Vulnerability Description

Related Vulnerabilities

CVE-2016-1000115

CVE-2016-1000116

CVE-2016-1000117

CVE-2016-1000118

CVE-2016-1000119

CVE-2016-15041