CVE-2025-62989

Name of the Vulnerable Software and Affected Versions Boxy Studio Cooked versions through 1.11.2

Description A flaw exists in Boxy Studio Cooked that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is susceptible to Stored XSS attacks, meaning the malicious script is permanently stored on the target server. The API endpoint and vulnerable parameters are not specified.

Recommendations Update Boxy Studio Cooked to a version later than 1.11.2.