CVE-2025-32601

Name of the Vulnerable Software and Affected Versions: Twispay Credit Card Payments versions 2.1.2 and earlier

Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions.

Recommendations: For Twispay Credit Card Payments versions 2.1.2 and earlier, update to a version later than 2.1.2 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available.