CVE-2025-26558

Name of the Vulnerable Software and Affected Versions: Aparat Responsive versions n/a through 1.3

Description: The issue is related to improper neutralization of input during web page generation, allowing DOM-Based XSS. This enables an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user.

Recommendations: For versions n/a through 1.3, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using user-supplied input in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.