Reflected Cross-site Scripting Vulnerability in New Media One GeoDigs
CVE-2025-23628
7.1HIGH
What is CVE-2025-23628?
A Cross-site Scripting (XSS) vulnerability in the New Media One GeoDigs plugin can result in Reflected XSS attacks. This issue arises from improper neutralization of input during web page generation, allowing malicious users to inject scripts into web pages viewed by other users. Consequently, it poses a significant risk to the security and integrity of the affected sites, particularly versions from n/a through 3.4.1.
Affected Version(s)
GeoDigs <= 3.4.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)