{"data":{"id":"6d9789dc-570d-4d6e-9e69-57d8bece1eff","title":"CVE-2025-23668: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ChatGPT O","summary":"A cross-site scripting (XSS, where an attacker injects malicious code into a webpage to trick users) vulnerability was found in the ChatGPT Open AI Images & Content for WooCommerce plugin, affecting versions up to 2.2.0. The vulnerability allows attackers to inject harmful scripts through reflected XSS (where malicious input is immediately reflected back to the user without proper filtering).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-23668","publishedAt":"2025-03-03T19:15:44.833Z","cveId":"CVE-2025-23668","cweIds":["CWE-79"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00094,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}