CVE-2025-49310 describes a stored cross-site scripting vulnerability in the M A Vinoth Kumar Frontend Dashboard (versions ≤ 2.2.8). The issue is caused by improper neutralization of input during web page generation, which allows attackers to inject and store malicious scripts that execute when other users access the affected pages. The vulnerability has a CVSS 3.1 score of 6.5, reflecting network attack vector, low attack complexity, requiring privileges and user interaction, and impacts on confidentiality, integrity, and availability at a low level. No patch or official fix information is provided in the available data, and no known active exploitation has been reported.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of other users, potentially leading to information disclosure, session hijacking, or other impacts on confidentiality, integrity, and availability. The CVSS score of 6.5 indicates a medium impact level. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. Until a fix is available, consider applying input validation or output encoding workarounds if feasible in the deployment environment. No vendor advisory states that no action is required or that the issue is mitigated.