fkie_cve-2025-4379
Vulnerability from fkie_nvd
Published
2025-05-23 10:15
Modified
2025-05-23 15:54
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version.
References
cvd@cert.plhttps://cert.pl/en/posts/2025/05/CVE-2025-4379
cvd@cert.plhttps://cert.pl/posts/2025/05/CVE-2025-4379
cvd@cert.plhttps://studiofabryka.pl/Systemy_CMS.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim\u0027s browser when specially crafted URL is opened.\n\nA hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version."
    },
    {
      "lang": "es",
      "value": "DobryCMS en las versiones 2.* y anteriores es vulnerable a ataques de Cross-Site Scripting (XSS) reflejado. La validaci\u00f3n incorrecta de la entrada en el par\u00e1metro szukaj permite la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima al abrir una URL especialmente manipulada. El 29/04/2025 se public\u00f3 una correcci\u00f3n para las versiones afectadas. Esta correcci\u00f3n elimina la vulnerabilidad sin actualizar la versi\u00f3n."
    }
  ],
  "id": "CVE-2025-4379",
  "lastModified": "2025-05-23T15:54:42.643",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cvd@cert.pl",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-23T10:15:20.963",
  "references": [
    {
      "source": "cvd@cert.pl",
      "url": "https://cert.pl/en/posts/2025/05/CVE-2025-4379"
    },
    {
      "source": "cvd@cert.pl",
      "url": "https://cert.pl/posts/2025/05/CVE-2025-4379"
    },
    {
      "source": "cvd@cert.pl",
      "url": "https://studiofabryka.pl/Systemy_CMS.html"
    }
  ],
  "sourceIdentifier": "cvd@cert.pl",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cvd@cert.pl",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.