Reflected Cross-Site Scripting (XSS) in Phoenix CMS

Posted date 16/06/2025
Identifier
INCIBE-2025-0320
Importance
3 - Medium
Affected Resources

Phoenix CMS.

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting Phoenix CMS by Phoenix BV. The vulnerability was discovered by Gonzalo Aguilar Garcia (6h4ack).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40727: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79.

Solution

There is no reported solution at this time.

Detail

CVE-2025-40727: A Reflected Cross-Site Scripting (XSS) vulnerability was found in /search in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via the 's' GET parameter.
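
With no solution reported, operators can at least watch web server access logs for requests to /search whose s parameter carries HTML markup. The following is an added example, not part of the advisory or of Phoenix's code; it assumes Combined Log Format, and the sample log lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Combined Log Format, request field looks like "GET /path?query HTTP/1.1".
REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+"')
# Characters and tokens needed to break out of HTML text or attribute context.
# Quotes can appear in legitimate searches, so expect to tune this per site.
SUSPICIOUS_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_values(log_line):
    """Return decoded values of the s parameter on /search that contain markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path.rstrip("/") != "/search":
        return []
    values = parse_qs(url.query, keep_blank_values=True).get("s", [])
    return [d for d in map(fully_decode, values) if SUSPICIOUS_RE.search(d)]

# Constructed sample lines (not taken from any real log).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jun/2025:10:00:01 +0000] "GET /search?s=opening+hours HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jun/2025:10:00:07 +0000] "GET /search?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [16/Jun/2025:10:00:09 +0000] "GET /search?s=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5180',
    '203.0.113.7 - - [16/Jun/2025:10:00:12 +0000] "GET /about?s=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Map line index -> flagged values for every line with a hit."""
    hits = {}
    for i, line in enumerate(lines):
        found = suspicious_search_values(line)
        if found:
            hits[i] = found
    return hits

if __name__ == "__main__":
    for idx, values in scan(SAMPLE_LOG).items():
        print(idx, values)
```

The same pattern can back a temporary blocking rule at a reverse proxy or WAF, since a plain search term rarely needs angle brackets.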
