CVE-2025-55420

High CVSS: 8.8

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input.

Vendor

Foxcms

Product

Foxcms

CWE

CWE-79

Yayın Tarihi

2025-08-21 16:15:34

Güncelleme

2025-09-09 19:12:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Foxcms HIGH Foxcms 2025

Referanslar

https://www.notion.so/FoxCMS-V1-2-6-Reflected-XSS-in-index-php-2222b2fd021080589d27ef8e1b9ebd86?source=copy_link

Benzer Kayıtlar

Medium

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the fil…

Medium

CVE-2025-10251

A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/adm…

High

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Colum…

Medium

CVE-2025-56435

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file…

High

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.

High

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbi…