CVE-2025-23709

Name of the Vulnerable Software and Affected Versions Kiro G. Formatted post versions n/a through 1.01

Description The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject malicious code into a webpage, potentially leading to unauthorized actions. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include the fact that formatted posts allow reflected XSS. No specific API endpoints, vulnerable parameters, or function names are mentioned.

Recommendations For versions n/a through 1.01, update to a version that fixes the improper neutralization of input during web page generation to prevent reflected XSS attacks. As a temporary workaround, consider restricting the use of formatted posts until a patch is available.