A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input.
Metrics
Affected Vendors & Products
References
History
Sat, 23 Aug 2025 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Foxcms
Foxcms foxcms |
|
Vendors & Products |
Foxcms
Foxcms foxcms |
Thu, 21 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Thu, 21 Aug 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-21T15:49:04.916Z
Reserved: 2025-08-13T00:00:00.000Z
Link: CVE-2025-55420

Updated: 2025-08-21T15:48:57.026Z

Status : Awaiting Analysis
Published: 2025-08-21T16:15:34.050
Modified: 2025-08-22T18:09:17.710
Link: CVE-2025-55420

No data.

Updated: 2025-08-23T11:53:22Z