CVE-2025-26555

Name of the Vulnerable Software and Affected Versions: Debug-Bar-Extender versions 0.5 and earlier

Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages.

Recommendations: For versions 0.5 and earlier, consider disabling the reflective XSS functionality until a patch is available. Restrict access to sensitive Debug-Bar-Extender modules to minimize the risk of exploitation. Avoid using user-inputted data in the affected web page generation functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.