CVE-2025-31575

Name of the Vulnerable Software and Affected Versions Vasilis Triantafyllou Flag Icons versions n/a through 2.2

Description The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Stored XSS. This is a basic XSS vulnerability.

Recommendations For versions n/a through 2.2, consider disabling the functionality that allows user-inputted HTML tags to be stored and executed, until a proper fix is available. Restrict access to the affected web page to minimize the risk of exploitation. Avoid using user-inputted data in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.