CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVE-2025-55420

FoxCMS v1.2.6 is affected by a Reflected XSS in the /index.php endpoint. The issue stems from unsanitized reflection of a crafted script via a GET request, enabling execution of arbitrary JavaScript when a logged-in user submits the malicious input. CVSSv3.1 base score 8.8 (HIGH) with NETWORK att...

PT-2025-34231 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: A Reflected Cross Site Scripting XSS vulnerability exists in the /index.php endpoint of the software. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response,...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.6, which stems from a reflective cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVE-2025-50692

FoxCMS =v1.2.5 is vulnerable to Code Execution in admin/templatefile/editFile.html...

CVE-2025-50692

FoxCMS =v1.2.5 is vulnerable to Code Execution in admin/templatefile/editFile.html...

CVE-2025-50692

FoxCMS =v1.2.5 is vulnerable to Code Execution in admin/templatefile/editFile.html...

CVE-2025-50692

FoxCMS =v1.2.5 is vulnerable to Code Execution in admin/templatefile/editFile.html...

PT-2025-32304 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS versions prior to 1.2.5 Description: FoxCMS is susceptible to code execution via the admin/template file/editFile.html endpoint. Recommendations: Update FoxCMS to a version later than 1.2.5...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS 1.2.5 and earlier versions, which originates from a code execution vulnerability in admin/templatefile/editFile.html...

CVE-2025-50692

FoxCMS =v1.2.5 is vulnerable to Code Execution in admin/templatefile/editFile.html...

CVE-2025-50692

CVE-2025-50692 affects FoxCMS versions up to and including 1.2.5, with a Code Execution vulnerability in admin/template_file/editFile.html. Root cause: the endpoint permits arbitrary code execution due to insecure handling of file/template edits. Impact, per the cited CVSS data, is high across co...

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2025-7568

A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has be...