CVE-2025-0871 MEDIUM

CVE-2025-0871: Maybecms Add Article index.php cross site scripting

Vendor N/A
Product Maybecms
Weakness CWE-79 · XSS
Published January 30, 2025
Last update February 12, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument data_info[content] leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

January 30, 2025 CVE published
February 12, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-28907 WordPress WP Last Modified plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-8721 Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-0671 Multiple stored i18n/message-key XSSes in UploadWizard CVE-2024-10233 SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode CVE-2020-36526 Countdown Timer Macro cross site scripting