CVE-2025-22659Cross-site Scripting in Orbit FOX BY Themeisle

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 68.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Themeisle Orbit FOX BY ThemeisleThemeisle Orbit FOX
Timeline
PublishedMar 27

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDthemeisle/orbit_fox2.10.44

🔴Vulnerability Details

2
CVEList
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability2025-03-27
GHSA
GHSA-m87m-4m85-px6p: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored X2025-03-27
CVE-2025-22659 — Cross-site Scripting | cvebase