CVE-2025-66036

Retro is vulnerable to XSS vulnerability in input handling component

Description

Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting (XSS) in the input handling component. This issue has been patched in version 2.4.7.

INFO

Published Date :

2025-11-29T01:14:38.198Z

Last Modified :

2025-12-01T14:11:12.635Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66036 vulnerability.

Vendors	Products
Retro Project	Retro

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66036.

URL	Resource
https://github.com/Anjaliavv51/Retro/security/advisories/GHSA-gvv6-p6h6-2vj2

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact