CVE-2025-68892

Name of the Vulnerable Software and Affected Versions Scroll rss excerpt versions n/a through 5.0

Description The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Reflected Cross-Site Scripting (XSS) condition. This allows for the injection of malicious scripts through the application. The vulnerable component is scroll-rss-excerpt. The issue is triggered by insufficient input validation during web page generation. The vulnerable parameter or variable is not specified.

Recommendations Versions prior to 5.1 should be updated. As a temporary workaround, consider disabling the scroll-rss-excerpt component until a patch is available.