Cross-site Scripting Vulnerability in Aparat Responsive by mkkmail
CVE-2025-26558
6.5MEDIUM
Summary
A Cross-site Scripting (XSS) vulnerability exists in the Aparat Responsive plugin by mkkmail, which allows attackers to exploit improper neutralization of input during web page generation. This vulnerability can lead to DOM-Based XSS, enabling unauthorized access to sensitive user data and potentially compromising web applications. Affected versions range from n/a through 1.3, making it essential for users to assess their deployments and apply necessary security measures to mitigate risks associated with this vulnerability.
Affected Version(s)
Aparat Responsive <= 1.3
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Thaleikis (Patchstack Alliance)