Cross-site Scripting Vulnerability in Statify Widget by Finn Dohrn
CVE-2025-48322
6.5MEDIUM
What is CVE-2025-48322?
A Cross-site Scripting (XSS) vulnerability exists in the Statify Widget developed by Finn Dohrn, which allows attackers to execute arbitrary scripts in the context of users' browsers. The vulnerability arises due to improper neutralization of input during web page generation. This issue poses a significant security risk as it enables stored XSS attacks, potentially leading to unauthorized data access and manipulation for users interacting with the compromised widget.
Affected Version(s)
Statify Widget <= 1.4.6