AI description
Generated using AI and has not been reviewed by Intruder. May contain errors.
CVE-2025-23850 is a cross-site scripting (XSS) vulnerability stemming from improper input neutralization during web page generation in the Mojo Under Construction plugin. This vulnerability allows reflected XSS attacks. Affected versions range from unspecified versions up to and including 1.1.2. It's important to note that there might be confusion with similar vulnerability descriptions related to other plugins. Information from some sources describes vulnerabilities with similar characteristics impacting "Coronavirus (COVID-19) Outbreak Data Widgets" and "Guten Free Options" plugins. However, CVE-2025-23850 specifically refers to the vulnerability within the Mojo Under Construction plugin.
- Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mojo Under Construction allows Reflected XSS. This issue affects Mojo Under Construction: from n/a through 1.1.2.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 3.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
- Severity
- HIGH
- audit@patchstack.com
- CWE-79
- Hype score
- Not currently trending