CVE-2025-46237 — Cross-site Scripting in Link Library

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 67.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ylefebvre Link Library Yannick Lefebvre Link Library

Timeline

PublishedApr 22

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Stored XSS.This issue affects Link Library: from n/a through <= 7.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5yannick_lefebvre/link_library7.8

▶NVDylefebvre/link_library< 7.8.1

🔴Vulnerability Details

CVEList

WordPress Link Library plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability↗2025-04-22

▶

GHSA

GHSA-c86v-34qq-wvpw: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS↗2025-04-22

▶