CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.1%

CVSS Severity

CVSS v3 Score 2.4

CVSS v2 Score 3.3

References

https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS2.md
https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS3.md
https://vuldb.com/?ctiid.331640
https://vuldb.com/?id.331640
https://vuldb.com/?submit.680851
https://vuldb.com/?submit.680852
https://vuldb.com/?submit.680853
https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS2.md
https://github.com/21151213732/CVE/blob/main/FoxCMS-XSS3.md

Products affected by CVE-2025-12920

Foxcms » Foxcms » Version: Any

cpe:2.3:a:foxcms:foxcms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-12920

Products

Pricing

Contact Us