CNNVD-202511-873 Information
CNNVD ID
CNNVD-202511-873
Related CVE
- CNNVD Published: 2025-11-09
Description (Chinese)
FoxCMS是中国黔狐(FoxCMS)公司的一套可免费商用开源的内容管理系统。 FoxCMS 1.2.16及之前版本存在代码注入漏洞,该漏洞源于对文件app/admin/controller/Product.php中参数Title的错误操作,可能导致跨站脚本攻击。
Description (English)
FoxCMS is a free, commercial, open-source content management system for the Chinese company FoxCMS. FoxCMS 1.2.16 and previous versions have a code-in-the-code loophole, which stems from the wrong operation of Title, the parameter in fileapp/admin/controller/Produc.php, which could result in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
黔狐
Published
2025-11-09
Last Modified
2026-02-24
References
https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS3.md https://vuldb.com/?submit.680851 https://vuldb.com/?ctiid.331640 https://vuldb.com/?submit.680852 https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS2.md https://vuldb.com/?submit.680853 https://vuldb.com/?id.331640 https://access.redhat.com/security/cve/cve-2025-12920
Share on: