Cross-Site Scripting Vulnerability in AccessiBe Web Accessibility by accessiBe
CVE-2025-26981
7.1HIGH
Key Information:
- Vendor
- Accessibe
- Status
- Web Accessibility By Accessibe
- Vendor
- CVE Published:
- 25 February 2025
Summary
A Cross-Site Scripting vulnerability exists in the Web Accessibility by accessiBe, where improper input neutralization during web page generation allows attackers to execute arbitrary scripts in the context of users' browsers. This issue affects versions from n/a up to 2.5, potentially enabling attackers to manipulate web content and execute harmful scripts, thereby compromising user security.
Affected Version(s)
Web Accessibility By accessiBe <= 2.5
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dimas Maulana (Patchstack Alliance)