CVE-2025-40727 MEDIUM

CVE-2025-40727: Reflected Cross-Site Scripting (XSS) in Phoenix CMS

Vendor Phoenix Bv

Product Phoenix CMS

Weakness CWE-79 · XSS

Published June 16, 2025

Last update June 16, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.

Key dates

02Disclosure timeline

June 16, 2025 CVE published

June 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40727

Related vulnerabilities

04Related CVE

CVE-2026-39333 ChurchCRM has Reflected XSS in DateStart/DateEnd parameters in FindFundRaiser.php CVE-2023-35131 Moodle: xss risk on groups page CVE-2024-8610 SourceCodester Best House Rental Management System New Tenant Page index.php cross site scripting CVE-2025-28921 WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-3768 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack