CVE-2025-55420

{"id": "CVE-2025-55420", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-08-21T16:15:34.050", "references": [{"url": "https://www.notion.so/FoxCMS-V1-2-6-Reflected-XSS-in-index-php-2222b2fd021080589d27ef8e1b9ebd86?source=copy_link", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) reflejado en /index.php de FoxCMS v1.2.6. Cuando se env\u00eda un script manipulado mediante una solicitud GET, se refleja sin sanear en la respuesta HTML. Esto permite la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario cuando un usuario conectado env\u00eda la entrada maliciosa."}], "lastModified": "2025-09-09T19:12:12.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxcms:foxcms:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1F21EDE-BF53-4CEE-8D13-BD5D9647AC17"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}