Stored XSS Vulnerability in Mesa Reservation Widget by gslauraspeck

CVE-2025-48319

What is CVE-2025-48319?

A Cross-site Scripting (XSS) vulnerability has been identified in the Mesa Reservation Widget developed by gslauraspeck, which allows attackers to execute malicious scripts on users' web browsers. This vulnerability arises due to improper handling of user input during web page generation. As a result, it enables the possibility of stored XSS attacks, where malicious scripts can be persisted on the server and executed when a user accesses the affected page. The vulnerable versions extend from n/a through 1.0.0, and it is crucial for users to take immediate action to secure their sites by updating the affected product.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References