CVE-2025-58965 is a medium severity Stored Cross-Site Scripting (XSS) vulnerability identified in the Fusion Page Builder : Extension – Gallery developed by Agency Dominion Inc. This vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. Specifically, the extension fails to adequately sanitize or encode user-supplied input before rendering it on web pages, allowing malicious scripts to be stored and subsequently executed in the context of users visiting the affected pages. The vulnerability affects versions up to and including 1.7.6, with no fixed versions currently indicated. The CVSS 3.1 base score is 6.5, reflecting a network attack vector (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact includes partial loss of confidentiality, integrity, and availability, as attackers can execute arbitrary scripts that may steal session tokens, manipulate page content, or perform actions on behalf of users. Although no known exploits are reported in the wild yet, the nature of stored XSS makes it a significant risk, especially for websites relying on this extension to build galleries or visual content. The vulnerability is particularly dangerous in multi-user environments where authenticated users can inject malicious payloads that affect other users. The lack of a patch or mitigation guidance from the vendor increases the urgency for organizations to implement compensating controls.

For European organizations, this vulnerability poses a risk to web applications using the Fusion Page Builder : Extension – Gallery, especially those that allow authenticated users to upload or manage gallery content. Exploitation could lead to session hijacking, defacement, or unauthorized actions performed with the privileges of legitimate users, potentially resulting in data breaches or reputational damage. Given the scope change, attackers might leverage this vulnerability to escalate privileges or pivot within the affected web infrastructure. Organizations in sectors such as e-commerce, media, education, and government that utilize this extension for content management could face operational disruptions and compliance issues under GDPR if personal data is compromised. The requirement for low privileges and user interaction means that insider threats or compromised accounts could be leveraged to exploit this vulnerability. The absence of known exploits currently provides a window for proactive mitigation, but the widespread use of page builder extensions in CMS platforms across Europe means the attack surface is significant.

1. Immediate mitigation should include disabling or restricting access to the Fusion Page Builder : Extension – Gallery component until a vendor patch is available. 2. Implement strict input validation and output encoding on all user-supplied content related to gallery inputs, using context-aware encoding libraries to prevent script injection. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 4. Monitor web application logs for unusual input patterns or script injection attempts targeting gallery pages. 5. Enforce the principle of least privilege for users who can upload or modify gallery content to minimize the risk of exploitation. 6. Conduct regular security assessments and penetration tests focusing on web application components handling user input. 7. Educate users and administrators about the risks of XSS and the importance of cautious interaction with web content. 8. Stay alert for vendor updates or patches and plan for timely deployment once available.