CVE-2025-59586

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Portfolio versions through 3.5

Description The software contains a flaw related to improper input handling during web page creation, leading to a DOM-Based Cross-site Scripting (XSS) condition. This allows for potential malicious code execution within the context of the user's browser. The vulnerability exists due to insufficient sanitization of user-supplied input when generating web pages. This could allow an attacker to inject arbitrary scripts into a web page viewed by other users.

Recommendations Update PenciDesign Penci Portfolio to a version later than 3.5.