What is the severity of CVE-2025-26756?

CVE-2025-26756 has a severity rating of HIGH with a CVSS base score of 7.1.

CVE-2025-26756 | High Vulnerability in grimdonkey Magic the Gathering Card Tooltips

CVE-2025-26756 is a high-severity stored Cross-site Scripting (XSS) vulnerability in the grimdonkey Magic the Gathering Card Tooltips. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users. The affected versions include all versions up to and including 3.5.0. Organizations using the affected product should take immediate action to mitigate the potential risks.

With a CVSS score of 7.1, this vulnerability poses a significant risk to organizations. Attackers may leverage this vulnerability to execute arbitrary scripts in the context of a user's session, leading to unauthorized actions. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation.

As of now, there are no known exploits or public proof of concepts available for this vulnerability. However, it remains critical for organizations to prioritize patching immediately to prevent potential exploitation.

Given the nature of XSS attacks, organizations should also consider implementing additional security measures to reduce exposure to such vulnerabilities in the future.

Vulnerability Details

The vulnerability arises from improper neutralization of user input during web page generation, specifically in the grimdonkey Magic the Gathering Card Tooltips. This allows an attacker to store malicious scripts that can affect users who view the tooltips.

The CVSS score of 7.1 indicates a high severity level, and its classification as a network attack with low complexity means that it can be exploited without significant effort. The attack requires user interaction, as the victim must view the manipulated content.

The issue affects all versions of the Magic the Gathering Card Tooltips plugin up to version 3.5.0. The publication date of the vulnerability was February 22, 2025.

Technical Analysis

The root cause of CVE-2025-26756 lies in improper sanitization of user inputs, which allows malicious scripts to be stored and executed in the context of a user’s session. The attack vector is network-based, indicating that an attacker can exploit this vulnerability remotely.

The attack complexity is low, which means that an exploit can be executed with minimal effort. There are no privileges required to exploit this vulnerability, and user interaction is necessary as the user must trigger the execution of the malicious script.

In terms of impact, the confidentiality, integrity, and availability impacts are all categorized as low. However, the potential for an XSS attack to compromise user data and session information remains a serious concern.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized actions by attackers leveraging this stored XSS vulnerability. The blast radius could extend to all users of the affected application, making this a critical issue.

Organizations should address this vulnerability in priority patch cycles, given the high CVSS score and the potential for exploitation. The lack of known exploits does not mitigate the urgency of remediation.

Furthermore, the EPSS score of 0.000750000 indicates a low probability of exploitation in the near term, which should not lead to complacency in addressing this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of the grimdonkey Magic the Gathering Card Tooltips plugin prior to version 3.5.0.

Mitigation & Remediation

Organizations should prioritize applying the latest patches to the grimdonkey Magic the Gathering Card Tooltips plugin. For environments where immediate patching is not possible, consider implementing input validation and output encoding to mitigate XSS vulnerabilities.

For further assistance, organizations may consider engaging in penetration testing to identify similar weaknesses.

Detection Guidance

Organizations should monitor web application logs for unusual input patterns and script injections. Behavioral anomalies in user sessions may also indicate attempted exploitation of this vulnerability.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-26756 lies in the ongoing risk posed by XSS vulnerabilities in web applications. Security teams must remain vigilant, as such vulnerabilities can lead to severe data breaches and compromise user trust.

This incident underscores the importance of continuous security assessments and the need for organizations to have effective vulnerability management programs in place to identify and remediate vulnerabilities promptly.

Moreover, organizations should evaluate their security posture and consider adopting penetration testing methodologies to proactively identify and mitigate risks before they can be exploited.

Organizations should also stay informed about emerging trends in web application vulnerabilities to ensure they are prepared for future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-26756: High Vulnerability in grimdonkey Magic the Gathering Card Tooltips