Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Reflected Cross-Site Scripting (XSS) in Azon Dominator

Posted date 09/09/2025
Identificador
INCIBE-2025-0482
Importance
3 - Medium
Affected Resources

Azon Dominator.

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting Azon Dominator, a PHP script that creates affiliate websites. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:

  • CVE-2025-40725: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Solution

The vulnerability has been fixed by the Azon Dominator team in the latest available version.

Detail

CVE-2025-40725: reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CVE
Explotación
No
References list
Azon Dominator - Affiliate Marketing Script
Etiquetas