CVE-2026-25304

Name of the Vulnerable Software and Affected Versions Jaroti versions prior to 1.4.8

Description An issue exists in Jaroti that allows for Reflected Cross-Site Scripting (XSS). This occurs due to improper handling of user-supplied input during web page generation. The vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations Update Jaroti to version 1.4.8 or later.