CVE Catalog

CVE-2025-52367

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
3.84%

89th percentile - higher than 89% of all known CVEs

Summary

A Cross Site Scripting vulnerability was found in PivotX CMS version 3.0.0 RC 3. This flaw allows a remote attacker to execute arbitrary JavaScript code via the subtitle field.

Risk Assessment

An attacker can inject a malicious script that executes in the browser of an administrator or user, potentially leading to session hijacking, website defacement, or data theft.

Recommendation

Immediately update PivotX CMS to the latest stable version that includes a fix for this vulnerability. If no update is available, manually sanitize input in the subtitle field.

Original NVD description (English source)

Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS