CVE-2025-22514

Name of the Vulnerable Software and Affected Versions Yamna Tatheer KNR Author List Widget versions n/a through 3.1.1

Description The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This can be exploited by injecting malicious code into the web page, allowing an attacker to steal user data or take control of the user's session. There is no information provided about a public exploit or whether the vulnerability has been exploited by attackers. No information is available about the number of Internet users that can be affected by the exploitation of this issue.

Recommendations For versions n/a through 3.1.1, update to a version later than 3.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the widget to minimize the risk of exploitation. Avoid using the widget until the issue is resolved. At the moment, there is no other information about additional mitigation measures.