CVE-2025-32524

Name of the Vulnerable Software and Affected Versions: MyWorks MyWorks WooCommerce Sync for QuickBooks Online versions 2.9.1 and earlier

Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting (XSS). This enables potential attackers to inject malicious scripts into web pages.

Recommendations: For MyWorks MyWorks WooCommerce Sync for QuickBooks Online versions 2.9.1 and earlier, update to a version later than 2.9.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.