Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input.

Published

2025-08-21T16:15:34.050

Last Modified

2025-09-09T19:12:12.917

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	foxcms	foxcms	1.2.6	Yes

References

https://www.notion.so/FoxCMS-V1-2-6-Reflected-XSS-in-index-php-2222b2fd021080589d27ef8e1b9ebd86?source=copy_link Exploit, Third Party Advisory ([email protected])