CVE-2025-11306

Medium CVSS: 5.3

A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Qianfox

Product

Foxcms

CWE

CWE-79

Yayın Tarihi

2025-10-05 22:15:32

Güncelleme

2025-10-07 17:06:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Foxcms MEDIUM Qianfox 2025

Referanslar

https://github.com/coolcj-stack/FoxCMS-V1.2-is-vulnerable-to-cross-site-scripting-attacks.-There-is-an-XSS-vulnerability https://vuldb.com/?ctiid.327187 https://vuldb.com/?id.327187 https://vuldb.com/?submit.661874 https://github.com/coolcj-stack/FoxCMS-V1.2-is-vulnerable-to-cross-site-scripting-attacks.-There-is-an-XSS-vulnerability

Benzer Kayıtlar

Medium

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to…

Medium

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function ba…

Medium

CVE-2025-6094

A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the…

Critical

CVE-2025-45238

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.

Medium

CVE-2025-45239

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.

Medium

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.