CVE-2025-52462 MEDIUM

CVE-2025-52462

Vendor Qualitia Co., Ltd.

Product Active! mail 6

Weakness CWE-79 · XSS

Published July 2, 2025

Last update July 2, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL.

Key dates

02Disclosure timeline

July 2, 2025 CVE published

July 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-52462

Related vulnerabilities

04Related CVE

CVE-2023-2170 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution CVE-2026-27363 WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication CVE-2024-10743 PHPGurukul Online Shopping Portal editable_ajax.php cross site scripting

Identifiers

CVE CVE-2025-52462

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Qualitia Co., Ltd.

Product Active! mail 6

Affected BuildInfo: 6.30.01004145 to 6.60.06008562