CVE Catalog

CVE-2025-60837

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.

Risk Assessment

An attacker can hijack user sessions, steal credentials, or perform other malicious actions within the victim's browser context.

Recommendation

Update MCMS to the latest patched version immediately. Until then, validate and sanitize all user inputs.

Original NVD description (English source)

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS