CVE-2025-47442 describes a stored cross-site scripting vulnerability in the CC BMI Calculator product up to version 2.1.0. The issue is caused by improper neutralization of input during web page generation, which allows an attacker with low privileges and requiring user interaction to inject malicious scripts that execute in the context of other users. The vulnerability affects confidentiality, integrity, and availability to a limited degree. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction required, and scope changed. No patch or vendor advisory details are currently provided.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of other users, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with input handling and consider implementing temporary mitigations such as input validation or output encoding where feasible. Monitor vendor communications for updates and apply patches promptly once available.