Cross-Site Scripting Vulnerability in PageLayer by Pagelayer Team
CVE-2025-24573
6.5MEDIUM
Summary
A security issue has been identified in the PageLayer plugin by Pagelayer Team, resulting in a cross-site scripting vulnerability. This weakness allows attackers to inject malicious scripts into web pages displayed to users, potentially compromising user data and website integrity. All versions up to 1.9.4 are affected. Ensuring timely updates and robust security measures is crucial to mitigate the risks associated with this vulnerability.
Affected Version(s)
PageLayer <= 1.9.4
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
LVT-tholv2k (Patchstack Alliance)