CVE-2025-23896

Name of the Vulnerable Software and Affected Versions Mindmeister Shortcode versions n/a through 1.0

Description The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS in Oncle Tom Mindmeister Shortcode.

Recommendations For Mindmeister Shortcode versions n/a through 1.0, consider disabling the functionality that allows user input in web page generation until a patch is available. Restrict access to potentially vulnerable API endpoints, such as /api/v1/login or /users/{id}, to minimize the risk of exploitation. Avoid using variables like username or user id in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.