CVE Catalog
CVE-2025-52206
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk0.21%
12th percentile - higher than 12% of all known CVEs
Summary
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. This allows an attacker to inject malicious scripts into the administrator's browser.
Risk Assessment
An attacker could hijack the admin session, steal credentials, or perform unauthorized actions in the hosting management panel.
Recommendation
Immediately update ISPConfig to the latest version and apply input filtering for data displayed on the system status page.
Original NVD description (English source)
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.

