Description

CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` field during ticket creation and unsafe rendering of this field in the moderator panel. Version 1.0 contains a patch for the issue.

INFO

Published Date :

2025-02-11T22:47:43.890Z

Last Modified :

2025-02-12T15:34:14.901Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-25203 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25203.

URL Resource
https://github.com/Ctrlpanel-gg/panel/commit/393cbde662c7e54829e296eb5815794490d925c7 cve-icon cve-icon
https://github.com/Ctrlpanel-gg/panel/security/advisories/GHSA-2q43-grv2-jxwh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact