CVE-2025-49930

Name of the Vulnerable Software and Affected Versions CrocoBlock JetSearch versions through 3.5.10

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The affected component is jet-search.

Recommendations Update to a version later than 3.5.10.