Cross-site Scripting Vulnerability in Fast Tube by NotFound
CVE-2025-23770
7.1HIGH
Summary
A vulnerability in Fast Tube allows for Reflected Cross-site Scripting (XSS) attacks due to improper input neutralization during web page generation. This security flaw can be exploited by attackers to inject malicious scripts, potentially affecting users who visit the compromised site. It is crucial for users of Fast Tube, especially those using versions from n/a through 2.3.1, to address this issue promptly to safeguard against potential security breaches.
Affected Version(s)
Fast Tube <= 2.3.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)