CVE-2025-52035
Last modified
CVE-2025-52035 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08) and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Exe-System | Notescms | >= 2024-05-08, < 2025-05-31 |
References
- https://gist.github.com/yA0-Z/54322492b29d7711859913891a7ef988Third Party Advisory
- https://github.com/PrivateAccount/NotesCMS/issues/2Exploit, Issue Tracking, Patch
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-52035?
How severe is CVE-2025-52035?
How do I fix CVE-2025-52035?
Are you affected by CVE-2025-52035?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST