{"id":"CVE-2025-25973","details":"A stored Cross Site Scripting vulnerability in the \"related recommendations\" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters.","modified":"2026-04-10T05:24:31.909436Z","published":"2025-02-20T18:15:26.713Z","references":[{"type":"REPORT","url":"https://github.com/yandaozi/PPress/issues/3"},{"type":"FIX","url":"https://gist.github.com/coleak2021/512acaa12ba0987499d560967acff1d1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yandaozi/PPress","events":[{"introduced":"0"},{"last_affected":"afe3a7d71b76d2bda0fced5c9b26119a8e2c5427"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.0.9-beta"}]}}],"versions":["v0.0.9-beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25973.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}