CVE-2025-23641

CVSS 3.1 Score 6.5 of 10 (medium)

Attack Complexity low

Scope changed

Confidentiality low

Integrity low

Availability low

Privileges Required low

Details

Published Jan 16, 2025

CWE ID 79

Summary

CVE-2025-23641 is a Cross-Site Scripting (XSS) vulnerability affecting Thomas Ehrhardt Powie's pLinks PagePeeker. The issue, located within the web page generation process, allows attackers to inject malicious scripts into a victim's browser by exploiting DOM-Based XSS. This defect poses a significant risk as it can lead to data theft, session hijacking, and other malicious activities. The vulnerability affects pLinks PagePeeker versions from n/a through 1.0.2.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2ha_Ia
https://www.cve.org/CVERecord?id=CVE-2025-23641
https://nvd.nist.gov/vuln/detail/CVE-2025-23641

Back to Vulnerability Database

CVE-2025-23641

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations