CVE-2025-52367
MediumCVSS 5.4Exploitation Probability (EPSS)
High risk89th percentile - higher than 89% of all known CVEs
Summary
A Cross Site Scripting vulnerability was found in PivotX CMS version 3.0.0 RC 3. This flaw allows a remote attacker to execute arbitrary JavaScript code via the subtitle field.
Risk Assessment
An attacker can inject a malicious script that executes in the browser of an administrator or user, potentially leading to session hijacking, website defacement, or data theft.
Recommendation
Immediately update PivotX CMS to the latest stable version that includes a fix for this vulnerability. If no update is available, manually sanitize input in the subtitle field.
Original NVD description (English source)
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.

