CVE-2025-52036
MEDIUM EPSS 9.2%
Published Aug 26, 2025 (10mo ago) · Modified Jun 17, 2026 (2w ago)
6.1 CVSS 3.1
Description
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | Low |
| Availability | None |
Threat Intelligence
EPSS Exploit Probability
9.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| exe-system | notescms | * | ≥2024-05-08 – <2025-03-31 |
References 2
- gist.github.com https://gist.github.com/yA0-Z/aeea5af372fec0085c6a4a7bb9c6bc8e
- github.com https://github.com/PrivateAccount/NotesCMS/issues/1
Remediation
- github.com https://github.com/PrivateAccount/NotesCMS/issues/1