CVE-2025-3789 MEDIUM

CVE-2025-3789: baseweb JSite save cross site scripting

Vendor Baseweb

Product JSite

Weakness CWE-79 · XSS

Published April 18, 2025

Last update April 18, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

April 18, 2025 CVE published

April 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3789 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-4721 Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting CVE-2025-8199 MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget CVE-2024-37953 WordPress MBE eShip plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-68864 WordPress Infility Global plugin <= 2.15.11 - Cross Site Scripting (XSS) vulnerability CVE-2024-3345 ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode