Reflected Cross-Site Scripting Vulnerability in AEC Kiosque by ATL Software SRL
CVE-2025-30902

7.1HIGH

Key Information:

Vendor: Atl Software Srl
Status: Aec KiOSque
Vendor: CVE Published:; 1 April 2025

🔔 Create Atl Software Srl Vulnerability Alert

What is CVE-2025-30902?

AEC Kiosque by ATL Software SRL contains a reflected Cross-site Scripting (XSS) vulnerability that arises from improper neutralization of input during web page generation. This flaw allows an attacker to inject malicious scripts into web pages, potentially compromising user data and enabling further exploitation. Users running AEC Kiosque versions up to 1.9.3 are at risk, highlighting the need for immediate mitigation to safeguard user interactions.

Affected Version(s)

AEC Kiosque <= 1.9.3

References

https://patchstack.com/database/wordpress/plugin/aec-kios...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

stealthcopter (Patchstack Alliance)