CVE-2025-28895

Name of the Vulnerable Software and Affected Versions: sumanbiswas013 Custom top bar versions n/a through 2.0.2

Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-site Scripting (XSS). Specifically, it enables Stored XSS.

Recommendations: For versions n/a through 2.0.2, consider disabling the custom top bar functionality until a patch is available to prevent potential exploitation. Restrict access to the custom top bar module to minimize the risk of Stored XSS attacks. Avoid using user-inputted data in the custom top bar to prevent malicious script execution.