PT-2026-1925 · Unknown · Flaming Password Reset

Published 2026-01-08 · Updated 2026-01-08 · CVE-2025-68875

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Flaming Password Reset versions through 1.0.3
Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting (XSS) condition, in the flaming-password-reset functionality. It allows malicious scripts to be injected into web pages; because the XSS is stored, the malicious script persists on the target server.
Recommendations: Flaming Password Reset versions prior to and including 1.0.3 should be updated to a newer, secure version if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-68875

Affected Products: Flaming Password Reset