Impact
PublicCMS V5.202506.d contains a flaw that allows the injection of arbitrary JavaScript into the site configuration management module. The vulnerability arises from insufficient input sanitization, enabling an attacker to execute client‑side code in the browsers of anyone who views the affected configuration pages. This could result in defacement, credential theft, session hijacking, or delivery of additional malware via injected scripts.
Affected Systems
The affected product is PublicCMS V5.202506.d. No additional vendors, product sub‑lines, or alternative version ranges are specified in the available data.
Risk and Exploitability
The CVSS score of 6.1 classifies the vulnerability as medium severity. Its EPSS score of less than 1% indicates a very low probability of exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is the web interface, so any user who can access the configuration management module may be targeted. Successful exploitation would allow an attacker to run arbitrary JavaScript that could harvest credentials, inject further malicious content, or otherwise compromise the integrity of the site from the client side.
OpenCVE Enrichment