CVE-2025-39444 — Cross-site Scripting in Maxbuttons

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 66.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Maxfoundry Maxbuttons

Timeline

PublishedApr 17

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through <= 9.8.3.

Affected Packages1 packages

▶CVEListV5maxfoundry/maxbuttons9.8.3

🔴Vulnerability Details

GHSA

GHSA-qv7q-mmqf-j634: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons allows Stored XSS↗2025-04-17

▶

CVEList

WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability↗2025-04-17

▶