Cross-site Scripting Vulnerability in Tribulant Software Snow Storm
CVE-2025-30858

7.1HIGH

Key Information:

Vendor: Tribulant Software
Status: Snow Storm
Vendor: CVE Published:; 3 April 2025

🔔 Create Tribulant Software Vulnerability Alert

What is CVE-2025-30858?

A vulnerability has been identified in the Tribulant Software Snow Storm plugin that allows an attacker to execute malicious scripts in the context of a user's browser. This reflected Cross-site Scripting (XSS) flaw can be exploited when user input is not properly sanitized during web page generation. It impacts all versions from n/a to 1.4.6, creating a risk for users who may unknowingly interact with maliciously crafted links. It is essential for users and administrators to apply security measures and updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Snow Storm <= 1.4.6

References

https://patchstack.com/database/wordpress/plugin/snow-sto...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)

JSON

Tribulant Software