Reflected XSS Vulnerability in Scanventory by Scanventory.net
CVE-2025-22588

7.1HIGH

Key Information:

Vendor: Scanventory.net
Status: Scanventory
Vendor: CVE Published:; 13 January 2025

Summary

A reflected cross-site scripting (XSS) vulnerability exists in the Scanventory plugin by Scanventory.net. This vulnerability arises from inadequate neutralization of user inputs during web page generation, allowing attackers to inject malicious scripts into web pages. As a result, users may inadvertently execute harmful scripts when they interact with affected pages, potentially leading to unauthorized data access or manipulation.

Affected Version(s)

Scanventory <= 1.1.3

References

https://patchstack.com/database/wordpress/plugin/woocomme...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 13, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)