CVE Catalog

CVE-2025-68074

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

Cross Site Scripting (XSS) vulnerability in Image Carousel plugin versions up to 1.0.0.41 allows an attacker to inject malicious JavaScript code into the page. The flaw is due to insufficient input sanitization.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the context of the victim's browser.

Recommendation

Immediately update the Image Carousel plugin to a version newer than 1.0.0.41. If an update is not available, temporarily disable the plugin.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS