CVE-2025-30935: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in NickDuncan Contact Form
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Contact Form allows DOM-Based XSS. This issue affects Contact Form: from n/a through 2.0.12.
AI Analysis
Technical Summary
CVE-2025-30935 is a medium-severity vulnerability classified under CWE-79, which pertains to improper neutralization of input during web page generation, commonly known as Cross-site Scripting (XSS). Specifically, this vulnerability affects the NickDuncan Contact Form plugin, versions up to 2.0.12. The flaw is a DOM-based XSS, meaning that malicious scripts are executed in the victim's browser by manipulating the Document Object Model (DOM) environment, rather than through server-side injection. This type of XSS occurs when client-side scripts write user-controllable data to the DOM without proper sanitization or encoding, allowing attackers to inject and execute arbitrary JavaScript code. The CVSS 3.1 score of 6.5 reflects a medium severity, with an attack vector of network (remote exploitation), low attack complexity, requiring privileges (PR:L) and user interaction (UI:R), and a scope change (S:C). The impact includes partial loss of confidentiality, integrity, and availability, as the injected scripts can steal session tokens, manipulate page content, or perform actions on behalf of the user. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in March 2025 and published in June 2025. The affected product is a web-based contact form plugin, likely used in websites to facilitate user communication. Given the nature of DOM-based XSS, exploitation requires that a user visits a crafted malicious link or page that triggers the vulnerable script execution in their browser context.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to websites using the NickDuncan Contact Form plugin. Successful exploitation can lead to session hijacking, defacement, phishing, or unauthorized actions performed in the context of authenticated users. This can compromise user data confidentiality and integrity, damage organizational reputation, and potentially lead to regulatory non-compliance under GDPR if personal data is exposed or manipulated. The medium severity indicates that while the vulnerability is exploitable remotely, it requires some level of user interaction and privileges, which may limit widespread automated exploitation. However, targeted attacks against high-value web portals, customer-facing services, or internal portals accessible by employees could have significant operational and reputational impacts. Additionally, the scope change in the CVSS vector suggests that the vulnerability affects components beyond the initially vulnerable module, potentially impacting other parts of the web application or user sessions.
Mitigation Recommendations
1. Immediate mitigation should include disabling or removing the NickDuncan Contact Form plugin until a security patch is released. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. 3. Employ rigorous input validation and output encoding on all user-supplied data, especially in client-side scripts that manipulate the DOM. 4. Monitor web application logs and user reports for suspicious activities indicative of XSS exploitation attempts. 5. Educate users and administrators about the risks of clicking on suspicious links and the importance of reporting anomalies. 6. Once available, promptly apply official patches or updates from the vendor addressing this vulnerability. 7. Conduct security testing, including automated scanning and manual penetration testing focused on DOM-based XSS vectors, to identify and remediate similar issues in other web components. 8. Consider implementing web application firewalls (WAF) with rules targeting XSS payloads as an additional protective layer.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
CVE-2025-30935: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in NickDuncan Contact Form
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Contact Form allows DOM-Based XSS. This issue affects Contact Form: from n/a through 2.0.12.
AI-Powered Analysis
Technical Analysis
CVE-2025-30935 is a medium-severity vulnerability classified under CWE-79, which pertains to improper neutralization of input during web page generation, commonly known as Cross-site Scripting (XSS). Specifically, this vulnerability affects the NickDuncan Contact Form plugin, versions up to 2.0.12. The flaw is a DOM-based XSS, meaning that malicious scripts are executed in the victim's browser by manipulating the Document Object Model (DOM) environment, rather than through server-side injection. This type of XSS occurs when client-side scripts write user-controllable data to the DOM without proper sanitization or encoding, allowing attackers to inject and execute arbitrary JavaScript code. The CVSS 3.1 score of 6.5 reflects a medium severity, with an attack vector of network (remote exploitation), low attack complexity, requiring privileges (PR:L) and user interaction (UI:R), and a scope change (S:C). The impact includes partial loss of confidentiality, integrity, and availability, as the injected scripts can steal session tokens, manipulate page content, or perform actions on behalf of the user. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in March 2025 and published in June 2025. The affected product is a web-based contact form plugin, likely used in websites to facilitate user communication. Given the nature of DOM-based XSS, exploitation requires that a user visits a crafted malicious link or page that triggers the vulnerable script execution in their browser context.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to websites using the NickDuncan Contact Form plugin. Successful exploitation can lead to session hijacking, defacement, phishing, or unauthorized actions performed in the context of authenticated users. This can compromise user data confidentiality and integrity, damage organizational reputation, and potentially lead to regulatory non-compliance under GDPR if personal data is exposed or manipulated. The medium severity indicates that while the vulnerability is exploitable remotely, it requires some level of user interaction and privileges, which may limit widespread automated exploitation. However, targeted attacks against high-value web portals, customer-facing services, or internal portals accessible by employees could have significant operational and reputational impacts. Additionally, the scope change in the CVSS vector suggests that the vulnerability affects components beyond the initially vulnerable module, potentially impacting other parts of the web application or user sessions.
Mitigation Recommendations
1. Immediate mitigation should include disabling or removing the NickDuncan Contact Form plugin until a security patch is released. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. 3. Employ rigorous input validation and output encoding on all user-supplied data, especially in client-side scripts that manipulate the DOM. 4. Monitor web application logs and user reports for suspicious activities indicative of XSS exploitation attempts. 5. Educate users and administrators about the risks of clicking on suspicious links and the importance of reporting anomalies. 6. Once available, promptly apply official patches or updates from the vendor addressing this vulnerability. 7. Conduct security testing, including automated scanning and manual penetration testing focused on DOM-based XSS vectors, to identify and remediate similar issues in other web components. 8. Consider implementing web application firewalls (WAF) with rules targeting XSS payloads as an additional protective layer.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-03-26T09:22:01.080Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6842eddc71f4d251b5c87fd1
Added to database: 6/6/2025, 1:32:12 PM
Last enriched: 7/8/2025, 5:40:03 AM
Last updated: 8/15/2025, 11:26:40 AM
Views: 14
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.