CVE-2025-52037
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-09-17

Assigner: MITRE

Description
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
Meta Information
Published: 2025-08-26
Last Modified: 2025-09-17
Generated: 2026-05-07
AI Q&A: 2025-08-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: exe-system
Product: notescms
Version / Range: From 2024-05-08 (inc) to 2025-03-31 (exc)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability allows attackers to execute arbitrary JavaScript code in the context of users viewing the affected page. Potential impacts include stealing sensitive information such as cookies, session tokens, and credentials; impersonating users; performing unauthorized actions; injecting phishing pages; spreading malware; and defacing or disrupting website functionality. [2]


Can you explain this vulnerability to me?

CVE-2025-52037 is a Stored Cross-Site Scripting (XSS) vulnerability in the NotesCMS application, specifically in the /index.php?route=sites page. It occurs because the title field of service descriptions does not properly sanitize or escape user input before storing it. An attacker can inject malicious JavaScript code into this title field, which is then saved and executed whenever users view the compromised content, allowing persistent script execution. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the /index.php?route=sites page for stored XSS by attempting to inject JavaScript payloads into the title field of service descriptions. For example, you can try submitting a payload like <img src='x' onerror=alert(1);> in the title field and then observe if the script executes when viewing the page. Automated tools or manual testing with web proxies (e.g., Burp Suite) can be used to inject and detect persistent script execution. There are no specific commands provided, but using curl or browser-based testing to submit payloads and then checking the rendered page for script execution is recommended. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating NotesCMS to the fixed version that includes commit 95322c5121dbd7070f3bd54f2848079654a0a8ea dated 2025-03-31, which addresses the stored XSS vulnerability. Until the update can be applied, restrict access to the /index.php?route=sites page to trusted users only, sanitize and validate all user inputs on the title field, and consider implementing web application firewall (WAF) rules to block common XSS payloads targeting this endpoint. [1, 2]
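
To confirm after updating that a stored title is rendered as inert text, the check below classifies how a harmless probe title appears in the HTML returned by /index.php?route=sites. It is an added example, not code from NotesCMS or from this advisory; the marker, the probe title and the sample HTML are constructed, and it assumes the title is rendered as element content rather than inside an attribute.

```python
from html.parser import HTMLParser

MARKER = "probe-7f3a"                     # constructed unique token
PROBE_TITLE = f'<i id="{MARKER}">t</i>'   # harmless markup, carries no script


class _ProbeFinder(HTMLParser):
    """Records whether the probe came back as a live element or as text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.as_element = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        # A parsed <i id="probe-7f3a"> means the stored title reached the
        # page as markup, i.e. it was not encoded on output.
        if tag == "i" and ("id", MARKER) in attrs:
            self.as_element = True

    def handle_data(self, data):
        self.text.append(data)


def classify(rendered_html):
    """Return 'raw', 'escaped' or 'absent' for the probe title."""
    finder = _ProbeFinder()
    finder.feed(rendered_html)
    finder.close()
    if finder.as_element:
        return "raw"        # vulnerable rendering
    if MARKER in "".join(finder.text):
        return "escaped"    # probe shown as literal text
    return "absent"         # probe not stored or not on this page


# Constructed sample responses (not captured from a real installation).
VULNERABLE = f"<table><tr><td>{PROBE_TITLE}</td></tr></table>"
FIXED = ("<table><tr><td>&lt;i id=&quot;" + MARKER +
         "&quot;&gt;t&lt;/i&gt;</td></tr></table>")
UNRELATED = "<table><tr><td>Hello</td></tr></table>"

if __name__ == "__main__":
    for name, page in (("vulnerable", VULNERABLE), ("fixed", FIXED),
                       ("unrelated", UNRELATED)):
        print(name, "->", classify(page))
```

A result of "raw" on a test instance means the running build still lacks the fix commit; "escaped" is the expected result on a patched build.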

