HTML injection in Vox Media’s Chorus CMS

July 28, 2025 invoker category_cve

CVE Details

Basic Information

Title HTML injection in Vox Media’s Chorus CMS
Type cve
Published 2025-07-28T10:28:30.800Z
Modified 2025-07-28T10:40:41.934Z

Product Information

Vendor Vox Media
Product Chorus CMS
Version all versions

CVSS Information

Base Score 4.8 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Products

  • Vox Media Chorus CMS all versions

Additional Information

CWE List CWE-79
Source INCIBE

Description

HTML injection in Vox Media’s Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the ‘q’ parameter in ‘/search’. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.