exploitDog

CVE-2025-55420

Опубликовано: 21 авг. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input.

Ссылки

https://www.notion.so/FoxCMS-V1-2-6-Reflected-XSS-in-index-php-2222b2fd021080589d27ef8e1b9ebd86?source=copy_link
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:foxcms:foxcms:1.2.6:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00126

Низкий

8.8 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-x4w6-26rw-r6h9

CVSS3: 8.8

github

6 месяцев назад

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input.

EPSS

Процентиль: 33%

0.00126

Низкий

8.8 High

CVSS3

Дефекты

CWE-79