Description

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.

INFO

Published Date :

2025-08-26T00:00:00.000Z

Last Modified :

2025-08-26T15:26:10.222Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52036 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52036.

URL Resource
https://gist.github.com/yA0-Z/aeea5af372fec0085c6a4a7bb9c6bc8e cve-icon cve-icon
https://github.com/PrivateAccount/NotesCMS/issues/1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System