Cross-site Scripting Vulnerability in Penci Recipe by PenciDesign
CVE-2025-59585
6.5MEDIUM
What is CVE-2025-59585?
A Cross-site Scripting (XSS) vulnerability exists in the Penci Recipe plugin developed by PenciDesign, allowing for potential DOM-based XSS attacks. This vulnerability affects versions from n/a to 4.0, enabling an attacker to inject malicious scripts into web pages viewed by users. Such exploitation can compromise user data and result in unauthorized actions, making it crucial for users of Penci Recipe to implement security measures.
Affected Version(s)
Penci Recipe <= 4.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)