Skip to main content

Brookside EUVDEUVD-2025-208865

| CVE-2025-67618 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-03-19 Patchstack
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 19, 2026 - 09:00 euvd
EUVD-2025-208865
Analysis Generated
Mar 19, 2026 - 09:00 vuln.today
CVE Published
Mar 19, 2026 - 08:31 nvd
HIGH 7.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.

AnalysisAI

A reflected cross-site scripting (XSS) vulnerability exists in the ArtstudioWorks Brookside WordPress theme through version 1.4. An attacker can inject malicious scripts that execute in victims' browsers when they click a specially crafted link, potentially leading to session hijacking, credential theft, or defacement. The CVSS score of 7.1 indicates high severity with a changed scope, and this vulnerability was disclosed by Patchstack as a database entry.

Technical ContextAI

This vulnerability affects the ArtstudioWorks Brookside WordPress theme (CPE: cpe:2.3:a:artstudioworks:brookside:*:*:*:*:*:*:*:*) through version 1.4. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning the theme fails to properly sanitize or encode user-supplied input before reflecting it back in HTML responses. In WordPress themes, this typically occurs when URL parameters, search queries, or other user inputs are directly embedded into page output without proper escaping functions like esc_html() or esc_url(). The reflected nature means the malicious payload is not stored server-side but must be delivered to victims through external means such as phishing emails or malicious websites.

RemediationAI

Website administrators should immediately update the Brookside theme to a patched version newer than 1.4 if available from ArtstudioWorks or through the WordPress theme repository. Check the Patchstack advisory at https://patchstack.com/database/wordpress/theme/brookside/vulnerability/wordpress-brookside-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve for the latest remediation guidance and confirmed safe versions. If an update is not yet available, consider temporarily switching to an alternative WordPress theme until a patch is released. As an interim mitigation, implement a Web Application Firewall (WAF) with XSS filtering rules, enable Content Security Policy (CSP) headers to restrict script execution, and educate users about not clicking suspicious links. Administrators should also review server logs for signs of exploitation attempts targeting the theme's vulnerable input parameters.

Share

EUVD-2025-208865 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy