CVE-2025-66053

Name of the Vulnerable Software and Affected Versions Kriesi Enfold versions through 7.1.2

Description A flaw exists in Kriesi Enfold that allows for Stored Cross-site Scripting (XSS). This issue arises from improper handling of user-supplied data during web page creation, potentially enabling malicious code injection. The vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is not specified.

Recommendations Update Kriesi Enfold to a version later than 7.1.2.