CVE-2025-46236 — Cross-site Scripting in Html Forms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 67.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksoftwarellc Html Forms Link Software LLC Html Forms

Timeline

PublishedApr 22

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDlinksoftwarellc/html_forms< 1.5.3

▶CVEListV5link_software_llc/html_forms1.5.2

🔴Vulnerability Details

CVEList

WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability↗2025-04-22

▶

GHSA

GHSA-cpvv-6mq2-5cpj: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS↗2025-04-22

▶