CVE-2025-46538

Name of the Vulnerable Software and Affected Versions webplanetsoft Inline Text Popup versions 1.0.0 and earlier

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker can inject malicious scripts into the webpage, potentially leading to unauthorized access or control.

Recommendations For webplanetsoft Inline Text Popup versions 1.0.0 and earlier, consider disabling the DOM-based functionality until a patch is available. Restrict access to sensitive data and minimize the use of user-inputted data in the Inline Text Popup to minimize the risk of exploitation.