CVE-2025-26882Cross-site Scripting in Popup Builder

CWE-79Cross-site Scripting4 documents4 sources
Severity
7.8HIGH
No vector
EPSS
0.1%
top 71.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ghozylab Popup Builder
Timeline
PublishedFeb 25

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder easy-notify-lite allows Stored XSS.This issue affects Popup Builder: from n/a through <= 1.1.33.

Affected Packages1 packages

CVEListV5ghozylab/popup_builder1.1.33

🔴Vulnerability Details

2
GHSA
GHSA-wm9h-7mh6-4c6p: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Popup Builder allows Stored XSS2025-02-25
CVEList
WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability2025-02-25

📋Vendor Advisories

1
Microsoft
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()2024-04-09
CVE-2025-26882 — Cross-site Scripting in Popup Builder | cvebase