Description
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
Published: 2026-06-15
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PublicCMS V5.202506.d contains a flaw that allows the injection of arbitrary JavaScript into the site configuration management module. The vulnerability arises from insufficient input sanitization, enabling an attacker to execute client‑side code in the browsers of anyone who views the affected configuration pages. This could result in defacement, credential theft, session hijacking, or delivery of additional malware via injected scripts.

Affected Systems

The affected product is PublicCMS V5.202506.d. No additional vendors, product sub‑lines, or alternative version ranges are specified in the available data.

Risk and Exploitability

The CVSS score of 6.1 classifies the vulnerability as medium severity. Its EPSS score of less than 1% indicates a very low probability of exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is the web interface, so any user who can access the configuration management module may be targeted. Successful exploitation would allow an attacker to run arbitrary JavaScript that could harvest credentials, inject further malicious content, or otherwise compromise the integrity of the site from the client side.

Generated by OpenCVE AI on June 18, 2026 at 01:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest patched version of PublicCMS
  • Limit access to the configuration management module with network‑level controls or IP whitelisting
  • Implement strict input validation and output encoding for all configuration fields

Generated by OpenCVE AI on June 18, 2026 at 01:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Publiccms
Publiccms publiccms
Vendors & Products Publiccms
Publiccms publiccms

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title PublicCMS V5.202506.d Cross‑Site Scripting in Configuration Module

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title PublicCMS V5.202506.d Cross‑Site Scripting in Configuration Module

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
References

Subscriptions

Publiccms Publiccms
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T17:13:23.600Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36521

cve-icon Vulnrichment

Updated: 2026-06-16T16:59:06.435Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:25.793

Modified: 2026-06-16T19:16:35.683

Link: CVE-2026-36521

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T09:36:03Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')