CVE-2025-23644

Name of the Vulnerable Software and Affected Versions QuoteMedia Tools versions n/a through 1.0

Description The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This is a type of Cross-site Scripting attack.

Recommendations For versions n/a through 1.0, consider disabling the web page generation feature until a patch is available. Restrict access to potentially vulnerable modules to minimize the risk of exploitation. Avoid using user-inputted data in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.