exploitDog

CVE-2025-32999

Опубликовано: 19 мая 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Ссылки

https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html
Vendor Advisory
https://jvn.jp/en/vu/JVNVU90760614/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.0.47 (исключая)

cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.43 (исключая)

EPSS

Процентиль: 12%

0.00041

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8wqw-fgqf-9mf2

CVSS3: 5.4

github

9 месяцев назад

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

EPSS

Процентиль: 12%

0.00041

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79