cleantalk
Vulnerabilities and Security Researches

Zoho Subscriptions – Embed Payment Form, CVE-2025-57963

CVE, Research URL

CVE-2025-57963

Home page URL

Security reports for Zoho Subscriptions – Embed Payment Form

Application

Zoho Subscriptions – Embed Payment Form

Published on
Sep 23, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through <= 4.1.
Affected versions
max 4.1.
Status
vulnerable
Previous vulnerability researches
Easy Social Photos Gallery &#8211; MIF (CVE-2026-4085) , Apr 23, 2026
Easy Social Photos Gallery &#8211; MIF (9ee7f15134d640c2eae950910d76785cbb4fb093) , Jun 07, 2024
New vulnerability
Widgets for Google Reviews (CVE-2025-9436) , Apr 24, 2026
WP Mailgun SMTP (CVE-2025-59003) , Apr 24, 2026
TP Woocommerce Product Gallery (CVE-2025-5092) , Apr 24, 2026
Gallery with thumbnail slider (CVE-2025-5092) , Apr 24, 2026
Featured Post Creative (CVE-2026-6443) , Apr 24, 2026