Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-44024

Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process

Published

2025-05-14T21:15:59.077

Last Modified

2025-05-16T14:43:26.160

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

References

https://github.com/zyx0814/Pichome/issues/50 ([email protected])
https://github.com/zyx0814/Pichome/issues/50 (134c704f-9b21-4f2e-91b3-4a467353bcc0)