PT-2025-53890 · Inboxify · Inboxify
Muhammad Nur Ibnu Hubab
·
Published
2025-12-30
·
Updated
2025-12-30
·
CVE-2025-69008
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Inboxify versions prior to 1.0.5
Description
The Inboxify Sign Up Form, specifically the
inboxify-sign-up-form component, contains a flaw related to the handling of user-supplied data during web page creation. This can lead to the injection of malicious scripts, known as Stored Cross-site Scripting (XSS). Successful exploitation of this issue could allow an attacker to execute arbitrary code within the context of a user's browser when they access the affected form. The vulnerable component is the Inboxify Sign Up Form.Recommendations
Update Inboxify to version 1.0.5 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Inboxify