Vulnerability Summary
Generic XSS caused by improper handling of user-controlled input in the URL path
A reflected XSS vulnerability was identified in a public-facing web application, where attacker-controlled input from the URL path was reflected unsafely into HTML metadata within the <head> section.
By crafting a payload that bypassed input filtering and leveraging cacheable responses, this vulnerability evolved from a simple reflected XSS into a higher-impact issue affecting future visitors requesting the same poisoned resource.
A critical Reflected Cross-Site Scripting (XSS) vulnerability was discovered in a captive WiFi portal, allowing an unauthenticated attacker to steal the credentials of any user connecting via a malicious URL.
This writeup details a high-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-24752) discovered in the Essential Addons for Elementor plugin for WordPress (by WPDeveloper).