A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version.
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-28013 | DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version. |
Fri, 23 May 2025 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 23 May 2025 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version. | |
| Title | Reflected XSS in DobryCMS | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2025-05-23T12:13:45.256Z
Reserved: 2025-05-06T10:06:58.896Z
Link: CVE-2025-4379
Updated: 2025-05-23T12:13:41.038Z
Status : Deferred
Published: 2025-05-23T10:15:20.963
Modified: 2026-06-17T09:33:09.203
Link: CVE-2025-4379
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD