2 matches found
CVE-2025-63644
CVE-2025-63644 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, specifically in the user profile Description field. The CVE entry lists CVSS v3.1 details: AV:N, AC:L, PR:L, UI:R, S:C, C:L/I:L, A:N with a base score of 5.4 (Medium). The root cause is a vulnerability in the Description ...
CVE-2025-63645
CVE-2025-63645 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, affecting the messaging system where unsanitized message content is persisted and later rendered in Inbox view without proper encoding, allowing attacker-controlled content to execute in a recipient’s browser. Public docs...