Medium severity6.1NVD Advisory· Published Mar 2, 2026· Updated Apr 27, 2026

CVE-2025-65465

Description

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.

Affected products

Skrol29/Tbszipreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/Y-T-T/ad9d05bee5f1fd4569fa5e89583d7304nvd
github.com/Skrol29/tbszip/releases/tag/v2.18nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000