CVE-2025-12920

Medium CVSS: 4.8

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Foxcms

Product

Foxcms

CWE

CWE-79

Yayın Tarihi

2025-11-09 23:15:46

Güncelleme

2025-11-26 15:28:00

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Foxcms MEDIUM Foxcms 2025

Referanslar

https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS2.md https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS3.md https://vuldb.com/?ctiid.331640 https://vuldb.com/?id.331640 https://vuldb.com/?submit.680851 https://vuldb.com/?submit.680852 https://vuldb.com/?submit.680853 https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS2.md https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS3.md

Benzer Kayıtlar

Medium

CVE-2025-10251

A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/adm…

High

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Colum…

Medium

CVE-2025-56435

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file…

High

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.

High

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbi…

High

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is…