CVE-2025-64202
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS. This issue affects Sahifa: from n/a through < 5.8.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DOM-Based XSS vulnerability in TieLabs Sahifa theme for WordPress allows injection of malicious scripts via improper input neutralization, affecting versions before 5.8.6.
The Sahifa theme for WordPress contains a DOM-Based Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation [1]. This flaw occurs in versions from n/a through 5.8.5, allowing attackers to inject arbitrary scripts into the DOM environment.
Successful exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page, typically initiated by a privileged user [1]. The attack does not require authentication but leverages the victim's browser to execute the injected payload directly.
An attacker can inject malicious scripts, including redirects, advertisements, and other HTML payloads, which execute when visitors access the compromised site [1]. This could lead to defacement, data theft, or further attacks on site visitors.
The vulnerability is fully patched in version 5.8.6. Users are strongly advised to update immediately. If unable to do so, consult hosting providers or developers for assistance [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.