Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through <= 3.0.6.
Published: 2025-04-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This is an Improper Neutralization of Input During Web Page Generation (CWE-79) flaw that allows a reflected XSS attack. The Silvasoft boekhouden plugin echoes user-supplied data into web pages without proper sanitization. An attacker who crafts a URL containing a malicious payload can cause arbitrary JavaScript to run in the victim's browser with the privileges of the page visitor, potentially exposing personal data or session information.

Affected Systems

All installations of the Silvasoft boekhouden WordPress plugin with versions up to and including 3.0.6 are affected. Since the plugin is a WordPress extension, any WordPress site with the vulnerable plugin installed is affected. The issue is confined to the plugin code and does not depend on the underlying operating system or web-server configuration.

Risk and Exploitability

The flaw holds a CVSS base score of 7.1, reflecting a high level of risk. The EPSS score of less than 1% indicates that current exploitation probability is low. It is not listed in CISA’s KEV catalog. Attackers would most likely exploit the vulnerability by directing a user to a crafted link that triggers the unsanitized input to be reflected, requiring no special credentials or privileged access.

Generated by OpenCVE AI on May 2, 2026 at 02:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Silvasoft boekhouden plugin to a version newer than 3.0.6 once an official patch from silvasoft is available.
  • If an upgrade is not possible, disable or delete the plugin to eliminate the vulnerable code from the site.
  • Implement a Content Security Policy that restricts execution of inline scripts to mitigate the impact while a patch is pending.

Advisories
Source: EUVD
ID: EUVD-2025-11650
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5.

History

Fri, 24 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through <= 3.0.6.
Title
  Removed: WordPress Silvasoft boekhouden plugin <= 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
  Added: WordPress Silvasoft boekhouden plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Thu, 17 Apr 2025 16:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5.
Title WordPress Silvasoft boekhouden plugin <= 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:23.198Z

Reserved: 2025-04-09T11:19:20.928Z

Link: CVE-2025-32504

Vulnrichment

Updated: 2025-04-17T18:05:11.080Z

NVD

Status: Deferred

Published: 2025-04-17T16:15:39.610

Modified: 2026-04-23T15:29:00.190

Link: CVE-2025-32504

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T02:15:31Z

Weaknesses