MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2025-1105

CVSS 5.3v4.0pub. 2025-02-07upd. 2025-11-04

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Siberiancms

    APP
    Siberiancms
    4.20.6
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-41702CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w SiberianCMS β€” krytyczna podatnoΕ›Δ‡ bazy danych

CVE-2023-39375HIGH7.5ten sam produkt

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

CVE-2023-39377HIGH7.2ten sam produkt

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative...

CVE-2023-39378HIGH8.8ten sam produkt

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') b...

CVE-2023-39376MEDIUM6.5ten sam produkt

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network...

CVE-2025-1105 β€” Siberiancms β€” MEDIUM β€” CVSS 5.3 | CVEbaza.pl