CVE-2025-52169
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agorum | agorum_core_open | 11.10.1 |
| agorum | agorum_core_open | 11.9.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52169 is a reflected cross-site scripting (XSS) vulnerability in agorum core open versions prior to 11.9.2 and 11.10.1. It occurs due to insufficient input sanitization and output encoding in multiple parameters and endpoints, allowing attackers to inject malicious JavaScript code that is reflected and executed in the victim's browser. This can happen, for example, via a crafted HTTP GET request with a malicious userName parameter to certain endpoints. [1]
How can this vulnerability impact me? :
This vulnerability can lead to session compromise, credential theft, or content defacement by executing malicious scripts in the context of the victim's browser. Attackers can exploit it to hijack user sessions or steal sensitive information, potentially causing significant security breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoints with malicious payloads in parameters such as 'userName' to check if the input is reflected and executed. For example, testing the endpoint /roiwebui/roiwebui_module/BeginSSOLogin.jsp with a script injection in the userName parameter can reveal the vulnerability. Commands using curl to test might look like: curl -v 'http://target/roiwebui/roiwebui_module/BeginSSOLogin.jsp?userName=<script>alert(1)</script>'. Similar tests can be performed on other vulnerable endpoints like OpenDocumentMessage.jsp, ShowSSOMessageBox.jsp, SSO.jsp, etc. Observing if the injected script is reflected in the response indicates the presence of the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the agorum core open software to fixed versions 11.9.2 or 11.10.1. Additionally, implementing robust input validation and context-aware output encoding for all user-supplied data can help prevent exploitation. Using security-focused development frameworks or libraries with built-in XSS protections is also recommended. [1]