CVE-2025-68077 in Stockholm Plugin
Summary
by MITRE • 12/16/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm stockholm allows Stored XSS. This issue affects Stockholm: from n/a through <= 9.14.1.
Analysis
by VulDB Data Team • 12/16/2025
The CVE-2025-68077 vulnerability represents a critical cross-site scripting flaw within the Select-Themes Stockholm stockholm web application framework. It falls under CWE-79 (Cross-Site Scripting) and manifests as a stored XSS attack vector: an attacker can inject scripts that persist in web pages viewed by other users. The vulnerability affects versions of the stockholm framework from the initial release through version 9.14.1, indicating a broad impact across multiple iterations of the software.
The technical flaw stems from inadequate input sanitization during the web page generation process within the stockholm framework. When user-supplied data is processed and rendered in web pages without proper neutralization, malicious scripts can be stored within the application's database or storage mechanisms. These stored scripts then execute automatically whenever other users access the affected web pages, creating a persistent threat that can compromise user sessions, steal sensitive information, or redirect users to malicious sites. The vulnerability exploits the framework's failure to properly escape or filter special characters and script tags that users might input through various application interfaces.
The operational impact of this stored XSS vulnerability is severe and multifaceted. Attackers can leverage this flaw to execute arbitrary JavaScript code in the context of affected users' browsers, potentially leading to session hijacking, credential theft, and data exfiltration. The stored nature of the vulnerability means that once exploited, the malicious payload remains active until manually removed from the application's database, creating a persistent threat that can affect multiple users over extended periods. This vulnerability directly aligns with ATT&CK technique T1531 for Account Access Removal and T1071.001 for Application Layer Protocol: Web Protocols, as it enables attackers to manipulate web application behavior and user sessions.
Mitigation strategies for CVE-2025-68077 should prioritize immediate implementation of input validation and output encoding measures across all user-facing interfaces within the stockholm framework. Organizations should implement comprehensive content security policies that prevent execution of unauthorized scripts and ensure all user inputs undergo rigorous sanitization before being stored or rendered in web pages. The recommended approach includes deploying web application firewalls, implementing proper HTML escaping mechanisms, and establishing strict input validation rules that reject or sanitize potentially malicious content. Additionally, regular security audits and penetration testing should be conducted to identify and remediate similar vulnerabilities within the application's codebase, following security best practices outlined in OWASP Top Ten and NIST Cybersecurity Framework guidelines.
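The output-encoding, content-security-policy and stored-content cleanup measures described above, as an added example that is not taken from the Stockholm code base or from VulDB: constructed sample rows are rendered once by plain concatenation and once with encoding at the point of output, and an audit helper flags rows already in storage that carry markup. All function names, the sample rows, the audit pattern and the policy string are assumptions made for illustration.

```javascript
// Constructed sample rows standing in for values a site has already stored.
const STORED = [
  { author: "alice", body: "Nice post & thanks" },
  { author: 'bob" onmouseover="alert(1)', body: "<script>alert(1)</script>" },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML element content and for quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored data is concatenated into markup unchanged,
// so the row can close the attribute or open a new element.
function renderUnsafe(row) {
  return `<div class="comment" data-author="${row.author}">${row.body}</div>`;
}

// Hardened pattern: every stored field is encoded where it is written out.
function renderSafe(row) {
  return `<div class="comment" data-author="${escapeHtml(row.author)}">${escapeHtml(row.body)}</div>`;
}

// Response header that refuses inline scripts and inline event handlers,
// limiting the damage if one output path misses its encoding step.
function cspHeader() {
  return ["default-src 'self'", "script-src 'self'", "object-src 'none'", "base-uri 'none'"].join("; ");
}

// Assumed audit pattern: a tag opener or an inline event-handler attribute.
const MARKUP = /<\s*\/?\s*[a-z!]|\bon\w+\s*=/i;

// Return the indexes of stored rows that contain markup and need manual
// review, since stored payloads stay active until removed from storage.
function rowsNeedingReview(rows) {
  return rows.flatMap((row, i) =>
    Object.values(row).some((v) => MARKUP.test(String(v))) ? [i] : []);
}

for (const row of STORED) console.log(renderSafe(row));
console.log("Content-Security-Policy:", cspHeader());
console.log("rows to review:", rowsNeedingReview(STORED));
```

Encoding at output time leaves the stored value untouched, so the audit helper still finds the row for cleanup after the rendering path is fixed.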