CNNVD-202508-3087 Information

CNNVD ID

CNNVD-202508-3087

Related CVE

CVE-2025-52037

• CNNVD Published: 2025-08-26

Description (Chinese)

NotesCMS是Fullstack WebDev开源的一个功能齐全的内容管理系统。 NotesCMS存在安全漏洞，该漏洞源于/index.php?route=sites页面标题处理不当，可能导致存储型跨站脚本攻击。

Description (English)

NotesCMS is a fully functional content management system for Fullstack WebDev. There is a security loophole in NotesCMS, which stems from inappropriate handling of the title of the page /index.php?route=sites, which could lead to a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Fullstack WebDev

Published

2025-08-26

Last Modified

2026-02-24

References

https://github.com/PrivateAccount/NotesCMS/issues/3 https://gist.github.com/yA0-Z/eb6cd89398abff716c70866fa873dbde https://nvd.nist.gov/vuln/detail/CVE-2025-52037

Patch

https://github.com/PrivateAccount/NotesCMS/commit/95322c5121dbd7070f3bd54f2848079654a0a8ea