CVE-2025-57974

Name of the Vulnerable Software and Affected Versions TZ PlusGallery versions through 1.5.5

Description The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting (XSS) issue. This allows for Stored XSS attacks. The issue affects the application when processing user-supplied data, potentially leading to the execution of malicious scripts within the context of a user's browser. The vulnerable component is susceptible to attacks where an attacker can inject malicious code into web pages viewed by other users.

Recommendations Update TZ PlusGallery to a version later than 1.5.5.