CVE Catalog
CVE-2025-68074
MediumCVSS 6.5Summary
Cross Site Scripting (XSS) vulnerability in Image Carousel plugin versions up to 1.0.0.41 allows an attacker to inject malicious JavaScript code into the page. The flaw is due to insufficient input sanitization.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the context of the victim's browser.
Recommendation
Immediately update the Image Carousel plugin to a version newer than 1.0.0.41. If an update is not available, temporarily disable the plugin.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.

