CVE-2025-22570

Name of the Vulnerable Software and Affected Versions Miloš Đekić Inline Tweets versions n/a through 2.0

Description The issue is related to an improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious code into the web page, which can then be stored and executed by the application, potentially leading to unauthorized access or other malicious activities. The vulnerability can be exploited by injecting malicious input into the web page generation process.

Recommendations For versions n/a through 2.0, consider disabling the web page generation feature until a patch is available to prevent the injection of malicious code. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using user-inputted data in the web page generation process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.