CVE-2025-50005Cross-site Scripting in Composer

CWE-79Cross-site ScriptingCWE-416Use After Free5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 88.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tagdiv Composer
Timeline
PublishedJan 22

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

CVEListV5tagdiv/tagdiv_composer5.4.2

🔴Vulnerability Details

2
CVEList
WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability2026-01-22
GHSA
GHSA-3qcj-r6mr-vw7f: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Ba2026-01-22

📋Vendor Advisories

1
Microsoft
mac802154: Fix potential RCU dereference issue in mac802154_scan_worker2024-10-08

🕵️Threat Intelligence

1
Wiz
CVE-2025-50005 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-50005 — Cross-site Scripting in Composer | cvebase