CVE-2025-32999

Medium CVSS: 4.8

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Vendor

Appleple

Product

A-blog Cms

CWE

CWE-79

Yayın Tarihi

2025-05-19 09:15:24

Güncelleme

2025-09-30 19:20:42

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-79 A-blog Cms MEDIUM Appleple 2025

Referanslar

https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html https://jvn.jp/en/vu/JVNVU90760614/

Benzer Kayıtlar

Low

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remot…

Medium

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This…

Critical

CVE-2025-36560

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a…

High

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ p…

High

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbi…