CVE-2025-56435

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file /DataBackup.php and the operation on the parameter id...

PT-2025-35784

Name of the Vulnerable Software and Affected Versions: FoxCMS versions prior to 1.2.6 Description: FoxCMS is susceptible to a SQL Injection issue in versions prior to 1.2.6. This allows a remote attacker to potentially execute arbitrary code through the /DataBackup.php file by manipulating the id...

CVE-2025-56435

SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file /DataBackup.php and the operation on the parameter id...

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting XSS vulnerability in /index.php/plus...

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting XSS vulnerability in /index.php/plus...

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting XSS vulnerability in /index.php/plus...

CVE-2025-55422

FoxCMS 1.2.6 contains a reflected Cross Site Scripting (XSS) vulnerability in the /index.php/plus endpoint. The issue is documented across multiple feeds (CVE-2025-55422) and is treated as a reflected XSS with high impact on confidentiality, integrity, and availability (per CVSS v3.1: AV:N/AC:L/P...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS version 1.2.6, which originates from improper handling of /index.php/plus, and could lead to a reflective cross-site scripting attack...

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting XSS vulnerability in /index.php/plus...

CVE-2025-55422

In FoxCMS 1.2.6, there is a reflected Cross Site Scripting XSS vulnerability in /index.php/plus...

PT-2025-34907 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: FoxCMS is susceptible to a reflected Cross Site Scripting XSS issue in the /index.php/plus endpoint. Recommendations: As a temporary workaround, consider restricting access to the /index.php/plus endpoint unt...

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...

CVE-2025-55409

CVE-2025-55409 concerns FoxCMS 1.2.6, which has a Cross-Site Scripting vulnerability in the /index.php/article endpoint that can lead to arbitrary code execution. Technical details across sources specify the affected software and component, and the underlying issue is a reflected/persistent XSS i...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS version 1.2.6, which originates from the presence of cross-site scripting in index.phpparticle, which may lead to the execution of arbitrary code...

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...

CVE-2025-55409

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...

PT-2025-34666 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: FoxCMS version 1.2.6 contains a Cross Site Scripting issue in the /index.php/article endpoint. This allows attackers to execute arbitrary code. Recommendations: As a temporary workaround, consider restricting...

CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...