CVE-2025-52037
Last modified
CVE-2025-52037 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Exe-System | Notescms | >= 2024-05-08, < 2025-03-31 |
References
- https://gist.github.com/yA0-Z/eb6cd89398abff716c70866fa873dbdeThird Party Advisory
- https://github.com/PrivateAccount/NotesCMS/issues/3Issue Tracking, Patch
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-52037?
How severe is CVE-2025-52037?
How do I fix CVE-2025-52037?
Are you affected by CVE-2025-52037?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST