CVE-2025-32999 MEDIUM

CVE-2025-32999

Vendor Appleple Inc.
Product a-blog cms
Weakness CWE-79 · XSS
Published May 19, 2025
Last update May 19, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Key dates

02Disclosure timeline

May 19, 2025 CVE published
May 19, 2025 Record updated