Executive Summary

CVE-2025-52161 is a cross-site scripting (XSS) vulnerability in Scholl Communications AG Weblication CMS Core version 019.004.000.000. It allows unauthenticated attackers to inject persistent malicious JavaScript code into the admin panel via specially crafted URLs. This code is stored persistently on the affected page, which can lead to security risks such as unauthorized actions or data theft. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of the admin panel, potentially leading to unauthorized access, data theft, session hijacking, or manipulation of the CMS content. Since the injected code is persistent, it poses a significant ongoing security risk until the system is patched. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing the admin panel of Weblication CMS Core version 019.004.000.000 for persistent cross-site scripting (XSS) by injecting specially crafted JavaScript payloads into URL parameters and observing if the script executes or is stored persistently. Specific commands are not provided in the resources, but typical detection involves using web vulnerability scanners or manual testing with tools like curl or browser developer tools to inject and monitor script execution. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update Weblication CMS Core from version 019.004.000.000 to the patched version 019.005.000.000, which includes proper input sanitization to prevent the XSS vulnerability. Until the update is applied, restrict access to the admin panel and monitor for suspicious activity involving URL parameters. [1]

Useful 0 Not Useful 0