PT-2026-1924 · Unknown · Shahjada Visitor Stats Widget

Published: 2026-01-08 · Updated: 2026-01-08 · CVE-2025-68874

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Shahjada Visitor Stats Widget versions through 1.5.0

Description

The Shahjada Visitor Stats Widget software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied input before it is included in the generated web page. The vulnerable component is susceptible to attacks where an attacker can craft a malicious URL containing the injected script. When a user clicks on this URL, the script is executed in their browser, potentially allowing the attacker to steal cookies, redirect the user to a malicious website, or modify the content of the web page. The API endpoints and vulnerable parameters were not specified in the provided information.

Recommendations

Versions through 1.5.0 should be updated to a newer, secure version if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-68874

Affected Products

Shahjada Visitor Stats Widget