CODEC Sponsored Content - Reflected cross-site scripting (XSS)
4,8
Medium
Summary
Full name
CODEC Sponsored Content 3.0. - Reflected cross-site scripting (XSS)
Code name
State
Private
Release date
14 mar 2025
Affected product
CODEC Sponsored Content
Affected version(s)
Version 3.0.
Vulnerability name
Reflected cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
No
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U
CVSS v4.0 base score
4.8
Exploit available
No
CVE ID(s)
Description
CODEC Sponsored Content 3.0. was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/codec-sponsored-content.php.
Vulnerability
Skims by Fluid Attacks discovered a Reflected cross-site scripting (XSS) in CODEC Sponsored Content 3.0.. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-31302 to refer to this issue from now on. Disclosure policy
System Information
Product: CODEC Sponsored Content
Version: 3.0.
Mitigation
There is currently no patch available for this vulnerability.
Timeline
IA generativa
14 mar 2025
Vendor contacted
14 mar 2025
