This vulnerability (CVE-2025-31384) in Aviplugins Videos (versions up to 1.0.5) is caused by improper neutralization of script-related HTML tags, leading to reflected Cross-Site Scripting (XSS). An attacker can craft malicious input that is reflected by the application without proper sanitization, enabling script execution in the victim's browser. The CVSS 3.1 vector indicates the attack can be performed remotely over the network without privileges, requires user interaction, and impacts confidentiality, integrity, and availability to a low or partial degree. No patch or official remediation level has been published by the vendor, and no known exploits have been reported.

Successful exploitation can allow an attacker to execute arbitrary scripts in the context of the victim's browser session, potentially leading to information disclosure, session hijacking, or other client-side impacts. The CVSS score of 7.1 reflects a high severity with partial impacts on confidentiality, integrity, and availability. However, no active exploitation has been observed in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying web application firewall (WAF) rules to detect and block reflected XSS payloads targeting Aviplugins Videos. Additionally, avoid clicking on suspicious links that may trigger the reflected XSS. Monitor vendor channels for updates regarding patches or official mitigations.