CVE-2025-5420

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5420

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5420.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-5420

Aliases

GHSA-49rr-34j5-r8mw

Published

2025-06-02T00:15:20Z

Modified

2025-07-01T16:33:41.554055Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/juzaweb/cms

Affected ranges

Type: GIT
Repo: https://github.com/juzaweb/cms
Events: Introduced

8df4f9fa8c93133512f8fa7d710b7ecd4bd520ff

Last affected

5c18b5af9fc18a9cca6537bb8b62fb996a33e457

Affected versions

v3.*

v3.4

v3.4.1

v3.4.2