PT-2025-4564 · Marcus Downing · Site Pin

João Pedro S Alcântara · Published 2025-01-13 · Updated 2025-01-13 · CVE-2025-22576

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

The vulnerable software is Marcus Downing Site PIN; versions from n/a through 1.3 are affected. The vulnerability is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), and it allows Reflected XSS: an attacker injects malicious script that the site reflects back to the user's browser, where it executes, potentially affecting users who visit the compromised site. There is a public reference to this issue, but no information is provided about whether it has been exploited by attackers or the number of Internet users who can be affected. https://t.co/asBoZvJQ7h and https://t.co/GUlh6IwWFP provide more information about this issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-22576

Affected Products

Site Pin