Cross-site Scripting Vulnerability in Team Showcase by cmoreira
CVE-2025-49247
7.1HIGH
What is CVE-2025-49247?
An improper neutralization of input during web page generation in the Team Showcase plugin by cmoreira enables a DOM-Based Cross-site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and session information. Users of affected versions are advised to update their plugins promptly to mitigate the risk.
Affected Version(s)
Team Showcase < 25.05.13
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)