Vulnerabilities and security researches forxili-language xili-language

Apr 25, 2026

CVE, Research URL: CVE-2025-58654
Home page URL: Security reports for xili-language
Application: xili-language
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows DOM-Based XSS.This issue affects xili-language: from n/a through <= 2.21.3.
Affected versions: max 2.21.3.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31085
Home page URL: Security reports for xili-language
Application: xili-language
Date: Apr 02, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language allows Reflected XSS. This issue affects xili-language: from n/a through 2.21.2.
Affected versions: max 2.21.3.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: 9f231df1d54696e6fdb5cd782bafd379b9ddbdc9
Home page URL: Security reports for xili-language
Application: xili-language
Date: May 15, 2015
Research Description: xili-language [xili-language] < 2.8.6 (closed) WordPress xili-language Plugin <= 2.8.5 - Cross Site Scripting This plugin is prone to a cross site scripting vulnerability in index.php lang parameter. Update the plugin.
Affected versions: max 2.8.6.
Status: vulnerable