CVE-2025-68037 — Cross-site Scripting in Gondal Export Media Urls

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 97.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlas Gondal Export Media Urls

Timeline

PublishedFeb 20

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages1 packages

▶CVEListV5atlas_gondal/export_media_urls2.2

🔴Vulnerability Details

GHSA

GHSA-5284-5qqc-v2w8: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls↗2026-02-20

▶

CVEList

WordPress Export Media URLs plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability↗2026-02-20

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68037 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶