Cross-site Scripting Vulnerability in Ninja Popups by arscode
CVE-2025-63059
6.5MEDIUM
What is CVE-2025-63059?
The vulnerability in Ninja Popups from arscode presents a serious risk through improper input handling during web page generation, allowing for Stored Cross-site Scripting (XSS) attacks. This can potentially enable attackers to inject malicious scripts that could execute in the context of a user's browser, compromising personal data and user sessions. It affects versions of Ninja Popups up to and including 4.7.8. Organizations using this plugin must assess their exposure and apply necessary patches to mitigate risks.
Affected Version(s)
Ninja Popups <= n/a
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program