- Description
- Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
- Source
- vultures@jpcert.or.jp
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- vultures@jpcert.or.jp
- CWE-79
- Hype score
- Not currently trending
CVE-2025-32999 Cross-Site Scripting in a-blog cms Prior to Versions 3.1.43 and 3.0.47 https://t.co/mABn5tcLyM
@VulmonFeeds
19 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32999 Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry edi… https://t.co/qAt2EDQ09S
@CVEnew
19 May 2025
294 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes