CVE-2025-46657

Name of the Vulnerable Software and Affected Versions Karaz Karazal through 2025-04-14

Description The issue allows reflected XSS via the lang parameter to the default URI. This can lead to improper neutralization of input during web page generation, also known as cross-site scripting.

Recommendations For Karaz Karazal through 2025-04-14, as a temporary workaround, consider restricting access to the default URI or disabling the use of the lang parameter until a patch is available. Avoid using the lang parameter in the affected URI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.