Skip to main content

Industrial CVE-2025-69323

HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-02-20 audit@patchstack.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:04 vuln.today
CVE Published
Feb 20, 2026 - 16:22 nvd
HIGH 7.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2.

AnalysisAI

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects VeronaLabs Slimstat Analytics wp-slimstat. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2.

Affected ProductsAI

Product: VeronaLabs Slimstat Analytics wp-slimstat.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2025-63624 CRITICAL POC
9.8 Feb 03

Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the

CVE-2026-24857 CRITICAL POC
9.8 Jan 28

bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code th

CVE-2026-23519 CRITICAL POC
9.8 Jan 15

RustCrypto CMOV before 0.4.4 emits non-constant-time assembly on ARM Cortex-M0/M0+/M1 targets. Cryptographic operations

CVE-2021-47881 HIGH POC
8.4 Jan 23

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to over

CVE-2026-22850 HIGH POC
8.3 Jan 19

SQL injection in Koko Analytics for WordPress prior to version 2.1.3 allows unauthenticated attackers to inject maliciou

CVE-2026-22700 HIGH POC
7.5 Jan 10

RustCrypto's SM2 elliptic curve implementation in versions 0.14.0-pre.0 and 0.14.0-rc.0 is vulnerable to denial-of-servi

CVE-2026-26025 HIGH POC
7.5 Feb 24

free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allo

CVE-2026-26024 HIGH POC
7.5 Feb 24

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 inte

CVE-2026-25501 HIGH POC
7.5 Feb 24

free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interfac

CVE-2019-25291 HIGH POC
7.5 Jan 08

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that ca

CVE-2026-22689 MEDIUM POC
6.5 Jan 10

Mailpit versions up to 1.28.2 contains a vulnerability that allows attackers to intercept sensitive data such as email c

CVE-2025-64075 CRITICAL
10.0 Feb 11

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypa

Share

CVE-2025-69323 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy