CVE-2025-48291 — Cross-site Scripting in Strecker Contestgallery Developer Contest Gallery

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 84.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedJul 16

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through <= 26.0.6.

Affected Packages1 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery26.0.6

🔴Vulnerability Details

GHSA

GHSA-wvrf-c7q5-h5x5: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Cont↗2025-07-16

▶

CVEList

WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (XSS) Vulnerability↗2025-07-16

▶