CVE-2025-4379

May 23, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-4379
Type cve
Published 2025-05-23T10:15:20
Last Seen 2025-05-23T10:24:23

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description DobryCMS versions 2.* and lower are vulnerable to Reflected XSS due to improper input validation in the szukaj parameter. This allows attackers to execute arbitrary JavaScript in the victim’s browser by crafting a malicious URL. A hotfix was released on 29.04.2025 to address this issue without a version increment.
AI Severity Medium
Vendor DobryCMS
Product DobryCMS
Affected Version 2.* and lower

Additional Information

CVE List CVE-2025-4379
CWE List CWE-79
Bulletin Family cve

Description

DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim’s browser when specially crafted URL is opened.

A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version.

CVSS Score Summary

Base Score: %!f(string=#) ()

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.