CVE-2025-31080 — Cross-site Scripting in Software LLC Html Forms

CWE-79 — Cross-site Scripting CWE-126 — Buffer Over-read4 documents4 sources

Severity

7.3HIGH

No vector

EPSS

0.1%

top 66.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Link Software LLC Html Forms

Timeline

PublishedApr 1

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.1.

Affected Packages1 packages

▶CVEListV5link_software_llc/html_forms1.5.1

🔴Vulnerability Details

CVEList

WordPress HTML Forms plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability↗2025-04-01

▶

GHSA

GHSA-pmm6-x9mw-vxqc: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS↗2025-04-01

▶

📋Vendor Advisories

Microsoft

Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents↗2024-04-09

▶