cleantalk
Vulnerabilities and Security Researches

xili-language, CVE-2025-58654

CVE, Research URL

CVE-2025-58654

Home page URL

Security reports for xili-language

Application

xili-language

Published on
Sep 23, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows DOM-Based XSS.This issue affects xili-language: from n/a through <= 2.21.3.
Affected versions
max 2.21.3.
Status
vulnerable
Previous vulnerability researches
xili-language (9f231df1d54696e6fdb5cd782bafd379b9ddbdc9) , Jun 06, 2024
xili-language (CVE-2025-31085) , Apr 03, 2025
xili-language (CVE-2025-58654) , Apr 25, 2026
New vulnerability
Image Editor by Pixo (CVE-2025-58232) , Apr 25, 2026
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-2799) , Apr 25, 2026
Kubio AI Page Builder (CVE-2025-8487) , Apr 25, 2026
PlayerJS (CVE-2025-58651) , Apr 25, 2026
PilotPress (CVE-2025-58238) , Apr 25, 2026