CVE-2025-9728 MEDIUM

CVE-2025-9728: givanz Vvveb login.tpl cross site scripting

Vendor Givanz
Product Vvveb
Weakness CWE-79 · XSS
Published August 31, 2025
Last update September 2, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is bbd4c42c66ab818142240348173a669d1d2537fe. Applying a patch is advised to resolve this issue.

Key dates

02Disclosure timeline

August 31, 2025 CVE published
September 2, 2025 Record updated