CVE-2025-45002

Name of the Vulnerable Software and Affected Versions Vigybag versions 1.0 and before

Description The issue is related to Cross Site Scripting (XSS) via the upload profile picture function under the user's profile. This allows for potential malicious script execution. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For Vigybag versions 1.0 and before, as a temporary workaround, consider disabling the upload profile picture function until a patch is available. Restrict access to the profile picture upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.