CVE-2025-58245

CVE-2025-58245

Name

CVE-2025-58245

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vdb-entry	https://patchstack.com/database/wordpress/plugin/portfolio/vulnerability/wordpress-portfolio-plugin-2-58-cross-site-scripting-xss-vulnerability?_s_id=cve

Type

URI

vdb-entry

https://patchstack.com/database/wordpress/plugin/portfolio/vulnerability/wordpress-portfolio-plugin-2-58-cross-site-scripting-xss-vulnerability?_s_id=cve

CPE URI	Source package	Min version	Max version
	portfolio	>= n/a	<= 2.58

CPE URI

Source package

Min version

Max version

portfolio

>= n/a

<= 2.58

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
portfolio	edge-community	1.0.2-r0	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable
portfolio	edge-community	1.0.1-r1	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable
portfolio	3.22-community	1.0.2-r0	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable
portfolio	3.22-community	1.0.1-r1	Clayton Craft <clayton@craftyguy.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

portfolio

edge-community

1.0.2-r0

Clayton Craft <clayton@craftyguy.net>

possibly vulnerable

portfolio

edge-community